43-32
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter43 Configuring Inspection of Basic Internet Protocols
SMTP and Extended SMTP Inspection
The MAIL and RCPT commands specify who are the sender and the receiver of the mail. Mail
addresses are scanned for strange characters. The pipeline character (|) is deleted (changed to a blank
space) and “<” ‚”>” are only allowed if they are used to define a mail address (“>” must be preceded
by “<”).
Unexpected transition by the SMTP server.
For unknown commands, the ASA changes all the characters in the packet to X. In this case, the
server generates an error code to the client. Because of the change in the packed, the TCP checksum
has to be recalculated or adjusted.
TCP stream editing.
Command pipelining.
Configuring an ESMTP Inspection Policy Map for Additional Inspection Control
ESMTP inspection detects attacks, including spam, phising, malformed message attacks, buffer
overflow/underflow attacks. It also provides support for application security and protocol conformance,
which enforce the sanity of the ESMTP messages as well as detect several attacks, block
senders/receivers, and block mail relay.
To specify actions when a message violates a parameter, create an ESMTP inspection policy map. You
can then apply the inspection policy map when you enable ESMTP inspection.
To create an ESMTP inspection policy map, perform the following steps:
Step1 (Optional) Add one or more regular expressions for use in traffic matching commands according to the
“Creating a Regular Expression” section on page 13-12. See the types of text you can match in the match
commands described in Step3.
Step2 (Optional) Create one or more regular expression class maps to group regular expressions according to
the “Creating a Regular Expression Class Map” section on page 13-15.
Step3 Create an ESMTP inspection policy map, enter the following command:
hostname(config)# policy-map type inspect esmtp policy_map_name
hostname(config-pmap)#
Where the policy_map_name is the name of the policy map. The CLI enters policy-map configuration
mode.
Step4 (Optional) To add a description to the policy map, enter the following command:
hostname(config-pmap)# description string
Step5 To apply actions to matching traffic, perform the following steps.
a. Specify the traffic on which you want to perform actions using one of the following methods:
Specify the ESMTP class map that you created in Step 3 by entering the following command:
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
Specify traffic directly in the policy map using one of the match commands described in Step3.
If you use a match not command, then any traffic that does not match the criterion in the match
not command has the action applied.
b. Specify the action you want to perform on the matching traffic by entering the following command: