According to the PIX 7.2(2) Cisco Command Line Configuration Guide document,
ESMTP inspection detects attacks, including spam, phishing, malformed message attacks, buffer
overflow/underflow attacks. It also provides support for application security and protocol conformance,
which enforce the sanity of the ESMTP messages as well as detect several attacks, block
senders/receivers, and block mail relay.
-> 1. How does a PIX appliance work to detect abnormal packets?
What kind of interrelation is there between the parameters below and the PIX functions (detecting attacks including spam, phishing, malformed attacks, buffer overflow/underflow attacks)?
- configure mail relay
- body line length
- command line length
- sender address length
- command recipient count
- MIME file length
-> 2. If a PIX is configured with the default inspection policy (factory default),
is it possible that the PIX blocks a packet through default inspection?
(I didn't change any application inspection config on the PIX.
The PIX appliance has the factory default inspection config.)
Could you tell me whether a packet going through a PIX is denied by the default inspection policy or not?
Additionally, I'm wondering whether ESMTP command features (AUTH, EHLO, DATA, HELO, NOOP, etc.) are restricted or not in the default ESMTP inspection policy.
-> 3. If a PIX is configured as below (factory default), which type of packet (inbound or outbound) will be affected by the default inspection rule?
inspect dns migrated_dns_map_1
inspect h323 h225
inspect h323 ras
service-policy global_policy global
(Will outgoing SMTP or ESMTP packets be affected by the PIX if there is no mail server in the inside network zone?)
-> 4. Could you let me know the proper parameter values for an ESMTP inspection policy,
or recommended values for various environments, case by case?
What do I need to know or consider when setting up an ESMTP inspection configuration?