21-26
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 21 Managing Zone-based Firewall Rules
Configuring Inspection Maps for Zone-based Firewall Policies
Body Regular Expression—Applies a regular expression to match the content types and content
encoding types for text and HTML in the body of an e-mail message. Only text or HTML that uses
7-bit or 8-bit encoding is checked. The regular expression cannot be applied to messages that use
another encoding type (such as base64 or zip files).
Command Line Length—Specifies that the length of the ESMTP command line cannot be greater than
the specified number. Use this to thwart Denial of Service (DoS) attacks.
Command Verb—Limits inspection to the selected SMTP or ESMTP command. If you configure
inspection for SMTP, all commands are inspected unless you limit them.
Header Length—Specifies that the length of the SMTP header is greater than the specified number.
Use this to thwart DoS attacks by limiting the possible size of the header.
Header Regular Expression—Applies a regular expression to match the content of the header of an
e-mail message. For example, you can use this to test for particular patterns in the subject, from, or
to fields.
Mime Content-Type Regular Expression—Applies a regular expression to match the Multipurpose
Internet Mail Extensions (MIME) content type of an e-mail attachment. Use this to prevent the
transmission of undesired types of attachments.
Mime Encoding—Specifies the MIME encoding type for e-mail attachments that you want to
inspect. You can use this to identify unknown or non-standard encodings to restrict their
transmission.
Recipient Address—Applies a regular expression to match the recipient of an e-mail message in the
SMTP RCPT command. Use this to search for a non-existent recipient, which might help you
identify the source of spam.
Recipient Count—Specifies that the number of recipients for an e-mail message cannot be greater
than the specified number. Use this to prevent spammers from sending e-mails to a large number of
users.
Recipient Invalid Count—Specifies that the number of invalid recipients for an e-mail message
cannot be greater than the specified number. Use this to prevent spammers from sending e-mails to a
large number of common names, where they are fishing for real addresses. SMTP typically replies with
a “no such address” message when an address is invalid; by putting a limit on the number of invalid
addresses, you can prevent these replies to spammers.
Reply EHLO—Specifies the service extension parameter in an EHLO server reply. Use this to
prevent a client from using a particular service extension.
Sender Address—Applies a regular expression to match the sender of an e-mail message. Use this
to block specific senders, such as known spammers, from sending e-mail messages through the
device.
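The following added example (not part of the Cisco guide and not how the device implements inspection) models four of the criteria above, Command Line Length, Recipient Count, Recipient Invalid Count and Sender Address, against a constructed SMTP session so you can see which criteria a given exchange would trigger. The thresholds, the sender pattern, the example domains and the rule that any 5xx reply to RCPT counts as an invalid recipient are all assumptions.

```python
import re

# Constructed SMTP exchange: (client command, server reply code). Not from the guide.
SAMPLE_SESSION = [
    ("EHLO mail.example.net", 250),
    ("MAIL FROM:<bulk@spam.example>", 250),
    ("RCPT TO:<alice@corp.example>", 250),
    ("RCPT TO:<admin@corp.example>", 550),
    ("RCPT TO:<info@corp.example>", 550),
    ("RCPT TO:<sales@corp.example>", 550),
    ("RCPT TO:<bob@corp.example>", 250),
    ("DATA", 354),
]

# Hypothetical thresholds and pattern, standing in for values entered in the dialog box.
LIMITS = {"cmd_line_length": 64, "recipient_count": 4, "recipient_invalid_count": 2}
SENDER_REGEX = re.compile(r"@spam\.example>?$", re.IGNORECASE)

def evaluate(session, limits=LIMITS, sender_regex=SENDER_REGEX):
    """Return the sorted names of the match criteria that this session triggers."""
    hits = set()
    recipients = invalid = 0
    for command, reply in session:
        if len(command) > limits["cmd_line_length"]:
            hits.add("Command Line Length")
        verb = command.upper()
        if verb.startswith("MAIL FROM:"):
            if sender_regex.search(command[len("MAIL FROM:"):].strip()):
                hits.add("Sender Address")
        elif verb.startswith("RCPT TO:"):
            recipients += 1
            # Assumption: a 5xx reply to RCPT means the recipient was invalid.
            if 500 <= reply <= 599:
                invalid += 1
    if recipients > limits["recipient_count"]:
        hits.add("Recipient Count")
    if invalid > limits["recipient_invalid_count"]:
        hits.add("Recipient Invalid Count")
    return sorted(hits)

if __name__ == "__main__":
    print(evaluate(SAMPLE_SESSION))
```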
Navigation Path
From the Add or Edit Class Maps dialog boxes for SMTP classes, right-click inside the table and select
Add Row or right-click a row and select Edit Row. See Configuring Class Maps for Zone-Based
Firewall Policies, page 21-17.
Related Topics
Understanding Map Objects, page 6-72
Configuring Inspection Maps for Zone-based Firewall Policies, page 21-15
Understanding the Zone-based Firewall Rules, page 21-3