Cisco ASA Series Cli Configuration Manual page 1140

SMTP and Extended SMTP Inspection
Configuring an ESMTP Inspection Policy Map for Additional Inspection
Control
ESMTP inspection detects attacks, including spam, phising, malformed message attacks, buffer
overflow/underflow attacks. It also provides support for application security and protocol conformance,
which enforce the sanity of the ESMTP messages as well as detect several attacks, block
senders/receivers, and block mail relay.
To specify actions when a message violates a parameter, create an ESMTP inspection policy map. You
can then apply the inspection policy map when you enable ESMTP inspection.
To create an ESMTP inspection policy map, perform the following steps:
Step 1
(Optional) Add one or more regular expressions for use in traffic matching commands according to the
"Creating a Regular Expression" section on page
commands described in
Step 2
(Optional) Create one or more regular expression class maps to group regular expressions according to
the
Step 3
Create an ESMTP inspection policy map, enter the following command:
hostname(config)# policy-map type inspect esmtp policy_map_name
hostname(config-pmap)#
Where the policy_map_name is the name of the policy map. The CLI enters policy-map configuration
mode.
Step 4
(Optional) To add a description to the policy map, enter the following command:
hostname(config-pmap)# description string
Step 5
To apply actions to matching traffic, perform the following steps.
a.
b.
Cisco ASA Series CLI Configuration Guide
1-34
Step 3.
"Creating a Regular Expression Class Map" section on page
Specify the traffic on which you want to perform actions using one of the following methods:
•
Specify the ESMTP class map that you created in
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
•
Specify traffic directly in the policy map using one of the match commands described in
If you use a match not command, then any traffic that does not match the criterion in the match
not command has the action applied.
Specify the action you want to perform on the matching traffic by entering the following command:
hostname(config-pmap-c)# {[drop [send-protocol-error] |
drop-connection [send-protocol-error]| mask | reset] [log] | rate-limit message_rate}
Not all options are available for each match or class command. See the CLI help or the command
reference for the exact options available.
The drop keyword drops all packets that match.
The send-protocol-error keyword sends a protocol error message.
The drop-connection keyword drops the packet and closes the connection.
The mask keyword masks out the matching portion of the packet.
The reset keyword drops the packet, closes the connection, and sends a TCP reset to the server
and/or client.
Chapter 1 Configuring Inspection of Basic Internet Protocols
1-14. See the types of text you can match in the match
1-17.
Step 3 by entering the following command:
Step 3.