Cisco Systems ASA 5540 Network Router User Manual


  Open as PDF
of 2086
 
47-56
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 47 Configuring Inspection of Basic Internet Protocols
SMTP and Extended SMTP Inspection
ESMTP Inspect Map
The ESMTP Inspect Map dialog box is accessible as follows:
Configuration > Global Objects > Inspect Maps > ESMTP
The ESMTP pane lets you view previously configured ESMTP application inspection maps. An ESMTP
map lets you change the default configuration values used for ESMTP application inspection.
Since ESMTP traffic can be a main source of attack from spam, phising, malformed messages, buffer
overflows, and buffer underflows, detailed packet inspection and control of ESMTP traffic are
supported. Application security and protocol conformance enforce the sanity of the ESMTP message as
well as detect several attacks, block senders and receivers, and block mail relay.
Fields
ESMTP Inspect Maps—Table that lists the defined ESMTP inspect maps.
Add—Configures a new ESMTP inspect map. To edit an ESMTP inspect map, choose the ESMTP
entry in the ESMTP Inspect Maps table and click Customize.
Delete—Deletes the inspect map selected in the ESMTP Inspect Maps table.
Security Level—Select the security level (high, medium, or low).
Low—Default.
Log if command line length is greater than 512
Log if command recipient count is greater than 100
Log if body line length is greater than 1000
Log if sender address length is greater than 320
Log if MIME file name length is greater than 255
Medium
Obfuscate Server Banner
Drop Connections if command line length is greater than 512
Drop Connections if command recipient count is greater than 100
Drop Connections if body line length is greater than 1000
Drop Connections if sender address length is greater than 320
Drop Connections if MIME file name length is greater than 255
High
Obfuscate Server Banner
Drop Connections if command line length is greater than 512
Drop Connections if command recipient count is greater than 100
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••