Configure ESMTP Inspection; Configure an ESMTP Inspection Policy Map - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

SMTP and Extended SMTP Inspection

Configure ESMTP Inspection

ESMTP inspection is enabled by default. You need to configure it only if you want different processing
than that provided by the default inspection map.
Procedure
Step 1
Configure an ESMTP Inspection Policy Map.
Step 2
Configure the ESMTP Inspection Service Policy.

Configure an ESMTP Inspection Policy Map

To specify actions when a message violates a parameter, create an ESMTP inspection policy map. You
can then apply the inspection policy map when you enable ESMTP inspection.
Before You Begin
Some traffic matching options use regular expressions for matching purposes. If you intend to use one
of those techniques, first create the regular expression or regular expression class map.
Cisco ASA Series Firewall CLI Configuration Guide
Procedure
Step 1
Create an ESMTP inspection policy map by entering the following command:
hostname(config)# policy-map type inspect esmtp policy_map_name
hostname(config-pmap)#
Where policy_map_name is the name of the policy map. The CLI enters policy-map configuration
mode.
Step 2
(Optional) To add a description to the policy map, enter the following command:
hostname(config-pmap)# description string
Step 3
To apply actions to matching traffic, perform the following steps.
a. Specify the traffic on which you want to perform actions using one of the following match
commands. If you use a match not command, then any traffic that does not match the criterion in
the match not command has the action applied.
match [not] body {length | line length} gt bytes—Matches messages where the length, or the length of a line, in an ESMTP body message is greater than the specified number of bytes.
match [not] cmd verb verb1 [verb2...]—Matches the command verb in the message. You can specify one or more of the following commands: auth, data, ehlo, etrn, helo, help, mail, noop, quit, rcpt, rset, saml, soml, vrfy.
match [not] cmd line length gt bytes—Matches messages where the length of a line in the command verb is greater than the specified number of bytes.
match [not] cmd rcpt count gt count—Matches messages where the number of recipients is greater than the specified count.
match [not] ehlo-reply-parameter parameter [parameter2...]—Matches ESMTP EHLO reply parameters. You can specify one or more of the following parameters: 8bitmime, auth, binaryname, checkpoint, dsn, etrn, others, pipelining, size, vrfy.
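The following Python sketch is an added example, not Cisco code and not part of the guide. It models how four of the match criteria above, including the match not inversion, select client commands or body lines from a constructed SMTP session, so a planned policy can be checked offline against captured traffic. The helper names parse_session and flagged are hypothetical, body length and ehlo-reply-parameter are not modelled, and line lengths are assumed to exclude the trailing CRLF.

```python
# Constructed client-side SMTP lines (sample data, not from the guide).
SAMPLE_SESSION = [
    "EHLO mail.example.test",
    "MAIL FROM:<alice@example.test>",
    "RCPT TO:<bob@example.test>",
    "RCPT TO:<carol@example.test>",
    "RCPT TO:<dave@example.test>",
    "VRFY root",
    "DATA",
    "Subject: test",
    "",
    "x" * 1200,   # one over-long body line
    ".",
    "QUIT",
]

def parse_session(lines):
    """Split client lines into command lines and DATA body lines."""
    commands, body, in_data = [], [], False
    for line in lines:
        if in_data and line == ".":
            in_data = False          # end-of-data marker, not part of the body
        elif in_data:
            body.append(line)
        elif line.strip():
            commands.append(line)
            in_data = line.strip().upper() == "DATA"
    return commands, body

def flagged(criterion, lines):
    """Return the units the action would apply to (hypothetical helper)."""
    # Assumption: lengths exclude CRLF; the appliance may count differently.
    tokens = criterion.split()
    negate = tokens[1] == "not"
    rest = tokens[2:] if negate else tokens[1:]
    commands, body = parse_session(lines)
    verb = lambda c: c.split()[0].lower()
    if rest[:2] == ["cmd", "verb"]:
        units, test = commands, lambda c: verb(c) in rest[2:]
    elif rest[:4] == ["cmd", "line", "length", "gt"]:
        units, test = commands, lambda c: len(c) > int(rest[4])
    elif rest[:4] == ["body", "line", "length", "gt"]:
        units, test = body, lambda b: len(b) > int(rest[4])
    elif rest[:4] == ["cmd", "rcpt", "count", "gt"]:
        n = sum(verb(c) == "rcpt" for c in commands)
        units, test = [f"message with {n} recipients"], lambda _: n > int(rest[4])
    else:
        raise ValueError(f"criterion not modelled: {criterion}")
    return [u for u in units if test(u) != negate]
```

With match not, the returned list is the complement: every command or body line that does not meet the criterion.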
Chapter 13
Inspection of Basic Internet Protocols