68-12
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 68 E-Mail Proxy
Default Servers
Fields
• POP3S/IMAP4S/SMTPS Default Server—Let you configure a default server, port and
non-authenticated session limit for e-mail proxies.
• Name or IP Address—Type the DNS name or IP address for the default e-mail proxy server.
• Port—Type the port number on which the adaptive security appliance listens for e-mail proxy traffic.
Connections are automatically allowed to the configured port. The e-mail proxy allows only SSL
connections on this port. After the SSL tunnel establishes, the e-mail proxy starts, and then
authentication occurs.
For POP3s the default port is 995, for IMAP4S it is 993, and for SMTPS it is 988.
• Enable non-authenticated session limit—Select to restrict the number of non-authenticated e-mail
proxy sessions.
E-mail proxy connections have three states:
1. A new e-mail connection enters the “unauthenticated” state.
2. When the connection presents a username, it enters the “authenticating” state.
3. When the adaptive security appliance authenticates the connection, it enters the “authenticated”
state.
This feature lets you set a limit for sessions in the process of authenticating, thereby preventing DOS
attacks. When a new session exceeds the set limit, the adaptive security appliance terminates the
oldest non-authenticating connection. If there are no non-authenticating connections, the oldest
authenticating connection is terminated. The does not terminate authenticated sessions.
To Next Page
Loading...
