Cisco Systems ASA 5580 Webcam User Manual


 
11-53
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 11 Configuring Inspection of Basic Internet Protocols
SMTP and Extended SMTP Inspection
Other extended SMTP commands, such as ATRN, ONEX, VERB, CHUNKING, and private extensions
and are not supported. Unsupported commands are translated into Xs, which are rejected by the internal
server. This results in a message such as “500 Command unknown: 'XXX'.” Incomplete commands are
discarded.
The ESMTP inspection engine changes the characters in the server SMTP banner to asterisks except for
the “2”, “0”, “0” characters. Carriage return (CR) and linefeed (LF) characters are ignored.
With SMTP inspection enabled, a Telnet session used for interactive SMTP may hang if the following
rules are not observed: SMTP commands must be at least four characters in length; must be terminated
with carriage return and line feed; and must wait for a response before issuing the next reply.
An SMTP server responds to client requests with numeric reply codes and optional human-readable
strings. SMTP application inspection controls and reduces the commands that the user can use as well
as the messages that the server returns. SMTP inspection performs three primary tasks:
Restricts SMTP requests to seven basic SMTP commands and eight extended commands.
Monitors the SMTP command-response sequence.
Generates an audit trail—Audit record 108002 is generated when invalid character embedded in the
mail address is replaced. For more information, see RFC 821.
SMTP inspection monitors the command and response sequence for the following anomalous signatures:
Truncated commands.
Incorrect command termination (not terminated with <CR><LR>).
The MAIL and RCPT commands specify who are the sender and the receiver of the mail. Mail
addresses are scanned for strange characters. The pipeline character (|) is deleted (changed to a blank
space) and “<” ‚”>” are only allowed if they are used to define a mail address (“>” must be preceded
by “<”).
Unexpected transition by the SMTP server.
For unknown commands, the ASA changes all the characters in the packet to X. In this case, the
server generates an error code to the client. Because of the change in the packed, the TCP checksum
has to be recalculated or adjusted.
TCP stream editing.
Command pipelining.
Select ESMTP Map
The Select ESMTP Map dialog box is accessible as follows:
Add/Edit Service Policy Rule Wizard > Rule Actions >
Protocol Inspection Tab >Select ESMTP Map
The Select ESMTP Map dialog box lets you select or create a new ESMTP map. An ESMTP map lets
you change the configuration values used for ESMTP application inspection. The Select ESMTP Map
table provides a list of previously configured maps that you can select for application inspection.
Fields
Use the default ESMTP inspection map—Specifies to use the default ESMTP map.
Select an ESMTP map for fine control over inspectionLets you select a defined application
inspection map or add a new one.
Add—Opens the Add Policy Map dialog box for the inspection.