Defaults for ESMTP Inspection - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

Chapter 13
Inspection of Basic Internet Protocols

Defaults for ESMTP Inspection

ESMTP inspection is enabled by default, using the _default_esmtp_map inspection policy map.
Following is the policy map configuration:
policy-map type inspect esmtp _default_esmtp_map
 description Default ESMTP policy-map
 parameters
  mask-banner
  no mail-relay
  no special-character
  no allow-tls
 match cmd line length gt 512
  drop-connection log
 match cmd RCPT count gt 100
  drop-connection log
 match body line length gt 998
  log
 match header line length gt 998
  drop-connection log
 match sender-address length gt 320
  drop-connection log
 match MIME filename length gt 255
  drop-connection log
 match ehlo-reply-parameter others
  mask
Command pipelining.
The server banner is masked.
Encrypted connections are not allowed. The STARTTLS indication is removed from the session
connection attempt, forcing the client and server to negotiate a plain text session, which can be
inspected.
Special characters in sender and receiver addresses are not noticed; no action is taken.
Connections with command line length greater than 512 are dropped and logged.
Connections with more than 100 recipients are dropped and logged.
Messages with body line length greater than 998 bytes are logged.
Connections with header line length greater than 998 are dropped and logged.
Connections with sender address length greater than 320 are dropped and logged.
Messages with MIME filenames greater than 255 characters are dropped and logged.
EHLO reply parameters matching "others" are masked.
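
The numeric limits above can be checked against a mail client's traffic before it is placed behind the ASA. The following Python sketch is an added example, not Cisco code and not part of the guide: it models the six length and count matches of _default_esmtp_map over the client side of one SMTP session. The function name check_session, the constructed SAMPLE session and the parsing rules are assumptions, and the ASA's own parser may count differently.

```python
import re

DROP, LOG = "drop-connection log", "log"
# Thresholds and actions as listed in _default_esmtp_map.
LIMITS = {
    "cmd line length": (512, DROP),
    "cmd RCPT count": (100, DROP),
    "body line length": (998, LOG),
    "header line length": (998, DROP),
    "sender-address length": (320, DROP),
    "MIME filename length": (255, DROP),
}

def check_session(client_lines):
    """Return [(match, observed, action)]. Model assumptions: lines are already
    split on CRLF, lengths are in characters, RCPT is counted per session."""
    hits, rcpts, state = [], 0, "cmd"          # cmd -> header -> body -> cmd
    def test(name, observed):
        limit, action = LIMITS[name]
        if observed > limit:
            hits.append((name, observed, action))
    for line in client_lines:
        if state == "cmd":
            test("cmd line length", len(line))
            verb = line.split(":", 1)[0].strip().upper()
            if verb == "MAIL FROM":
                addr = re.search(r"<([^>]*)>", line)
                test("sender-address length", len(addr.group(1)) if addr else 0)
            elif verb == "RCPT TO":
                rcpts += 1
            elif verb == "DATA":
                state = "header"
        elif line == ".":                      # lone dot ends DATA
            state = "cmd"
        else:
            if state == "header" and line == "":
                state = "body"                 # blank line ends the headers
            test(state + " line length", len(line))
            name = re.search(r'filename="?([^";]*)', line, re.I)
            if name:                           # MIME part headers sit in the body
                test("MIME filename length", len(name.group(1)))
    test("cmd RCPT count", rcpts)
    return hits

# Constructed sample session (not captured traffic).
SAMPLE = (["EHLO client.example", "MAIL FROM:<" + "a" * 330 + "@example.com>"]
          + ["RCPT TO:<user%d@example.net>" % i for i in range(101)]
          + ["DATA", "Subject: test", "", "x" * 1200, "."])

if __name__ == "__main__": print(*check_session(SAMPLE), sep="\n")
```
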
SMTP and Extended SMTP Inspection
Cisco ASA Series Firewall CLI Configuration Guide
13-41
