Cisco ASA 5506W-X

13-41
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 13 Inspection of Basic Internet Protocols
SMTP and Extended SMTP Inspection
Command pipelining.
Defaults for ESMTP Inspection
ESMTP inspection is enabled by default, using the _default_esmtp_map inspection policy map.
The server banner is masked.
Encrypted connections are not allowed. The STARTTLS indication is removed from the session connection attempt, forcing the client and server to negotiate a plain text session, which can be inspected.
Special characters in sender and receiver addresses are not noticed; no action is taken.
Connections with command line length greater than 512 are dropped and logged.
Connections with more than 100 recipients are dropped and logged.
Messages with body length greater than 998 bytes are logged.
Connections with header line length greater than 998 are dropped and logged.
Messages with MIME filenames greater than 255 characters are dropped and logged.
EHLO reply parameters matching “others” are masked.
Following is the policy map configuration:
policy-map type inspect esmtp _default_esmtp_map
 description Default ESMTP policy-map
 parameters
  mask-banner
  no mail-relay
  no special-character
  no allow-tls
 match cmd line length gt 512
  drop-connection log
 match cmd RCPT count gt 100
  drop-connection log
 match body line length gt 998
  log
 match header line length gt 998
  drop-connection log
 match sender-address length gt 320
  drop-connection log
 match MIME filename length gt 255
  drop-connection log
 match ehlo-reply-parameter others
  mask
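
The following is an added example, not part of the Cisco guide: a short Python audit that parses the default policy map above into parameters and match/action pairs, then reports the two settings with operational impact (STARTTLS removal and the log-only body rule). The helper names parse_esmtp_map and audit are hypothetical.

```python
# Added example; helper names are hypothetical. DEFAULT_MAP is the map listed on this page.
DEFAULT_MAP = """\
policy-map type inspect esmtp _default_esmtp_map
 description Default ESMTP policy-map
 parameters
  mask-banner
  no mail-relay
  no special-character
  no allow-tls
 match cmd line length gt 512
  drop-connection log
 match cmd RCPT count gt 100
  drop-connection log
 match body line length gt 998
  log
 match header line length gt 998
  drop-connection log
 match sender-address length gt 320
  drop-connection log
 match MIME filename length gt 255
  drop-connection log
 match ehlo-reply-parameter others
  mask
"""

def parse_esmtp_map(text):
    """Return (parameters, {match: action}) from a policy-map listing."""
    params, rules, current = [], {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("match "):
            current = line[len("match "):]
            rules[current] = None
        elif line == "parameters":
            current = "parameters"
        elif current == "parameters":
            params.append(line)
        elif current in rules:
            rules[current] = line  # action line that follows a match
    return params, rules

def audit(text):
    """List settings a mail or security team should know about."""
    params, rules = parse_esmtp_map(text)
    findings = []
    if "no allow-tls" in params:
        findings.append("STARTTLS removed: mail through this map is plain text")
    findings += [f"log only, not dropped: {m}" for m, a in rules.items() if a == "log"]
    return findings
```

The parser ignores indentation, so it also accepts a listing whose nesting was lost when it was copied.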
