17-34
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Configuring ESMTP Maps
Use the Add and Edit ESMTP Map dialog boxes to define the match criterion and values for the ESMTP
inspect map. An ESMTP policy map lets you change the default configuration values used for ESMTP
inspection.
ESMTP inspection detects attacks, including spam, phising, malformed message attacks, and buffer
overflow/underflow attacks. It also provides support for application security and protocol conformance,
which enforce the sanity of the ESMTP messages as well as detect several attacks, block
senders/receivers, and block mail relay.
Navigation Path
Select Manage > Policy Objects, then select Maps > Policy Maps > Inspect > ESMTP from the Object
Type selector. Right-click inside the table, then select New Object or right-click a row and select Edit
Object.
Related Topics
Understanding Map Objects, page 6-72
Configuring Protocols and Maps for Inspection, page 17-21
Field Reference
Table17-17 Add and Edit ESMTP Map Dialog Boxes
Element Description
Name The name of the policy object. A maximum of 40 characters is allowed.
Description A description of the policy object. A maximum of 200 characters is
allowed.
Parameters tab
Mask Server Banner Whether to mask the server banner to prevent the client from
discovering server information.
Configure Mail Relay
Domain Name
Action
Whether to have ESMTP inspection detect mail relay. When you select
this option, enter the domain name you are inspecting and select the
action you want to take when mail relay is detected.
Special Character
(ASA7.2.3+/PIX7.2.3+)
Action
Whether you want to detect special characters in sender or receiver
email addresses. If you select this option, select the action you want to
take when special characters are detected.
Allow TLS (ASA7.2.3+,
8.0.3+/PIX7.2.3)
Action Log
Whether to allow a TLS proxy on the security appliance. If you select
this option, you can also select Action Log to create a log entry when
TLS is detected.