ASA default esmtp inspect map

Unanswered Question
Aug 30th, 2007

Hello,

Is there some documentation on what exactly the default esmtp inspect map does? I am unable to find any. I would like to create my own esmtp inspect map but would like to base it on the default map.

By the way, Cisco's default esmtp inspect map covers the hostname in the ehlo command. This is a violation of certain RFCs!

Kind regards,

Rutger

Rutger Blom Thu, 08/30/2007 - 22:30

Thanks!

This describes how to create an esmtp inspect. What I am looking for is the values of the default esmtp inspect. What does it do to my esmtp traffic?

Kind regards,

Rutger

gregbeifuss Fri, 02/25/2011 - 07:48

If you're using the default inspection, use sh run all policy-map _default_esmtp_map to show what the ASA is doing:

policy-map type inspect esmtp _default_esmtp_map
 description Default ESMTP policy-map
 parameters
  mask-banner
  no mail-relay
  no special-character
  no allow-tls
 match cmd line length gt 512
  drop-connection log
 match cmd RCPT count gt 100
  drop-connection log
 match body line length gt 998
  log
 match header line length gt 998
  drop-connection log
 match sender-address length gt 320
  drop-connection log
 match MIME filename length gt 255
  drop-connection log
 match ehlo-reply-parameter others
  mask

Greg
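To see what these limits mean for a given mail flow, the following added example (not part of the original post and not Cisco code) parses the match/action pairs from the output above and reports which limits a session would exceed. The names `parse_rules`, `evaluate` and `SAMPLE` are hypothetical, the session is constructed, and lengths are assumed to be counted in characters without CRLF, which may differ from how the ASA counts.

```python
import re

# Match/action lines copied from the default map posted above.
DEFAULT_MAP = """\
match cmd line length gt 512
  drop-connection log
match cmd RCPT count gt 100
  drop-connection log
match body line length gt 998
  log
match header line length gt 998
  drop-connection log
match sender-address length gt 320
  drop-connection log
match MIME filename length gt 255
  drop-connection log
"""

def parse_rules(text):
    """Map each 'match <criterion> gt <N>' line to (N, action on the next line)."""
    rules, pending = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*match (.+) gt (\d+)$", line)
        if m:
            pending = (m.group(1), int(m.group(2)))
        elif pending and line.strip():
            rules[pending[0]] = (pending[1], line.strip())
            pending = None
    return rules

def evaluate(s, rules):
    """Return (criterion, action) per exceeded limit (assumed: chars, no CRLF)."""
    seen = {
        "cmd line length": max(map(len, s["commands"]), default=0),
        "cmd RCPT count": sum(c.upper().startswith("RCPT") for c in s["commands"]),
        "header line length": max(map(len, s["headers"]), default=0),
        "body line length": max(map(len, s["body"]), default=0),
        "sender-address length": len(s["sender"]),
        "MIME filename length": max(map(len, s["filenames"]), default=0),
    }
    return [(k, rules[k][1]) for k, v in seen.items() if v > rules[k][0]]

# Constructed sample session: 101 recipients and one 1000-character body line.
SAMPLE = {
    "commands": ["MAIL FROM:<a@example.com>"]
    + [f"RCPT TO:<u{i}@example.net>" for i in range(101)],
    "headers": ["Subject: test"], "body": ["x" * 1000],
    "sender": "a@example.com", "filenames": [],
}
print(evaluate(SAMPLE, parse_rules(DEFAULT_MAP)))
```

In the sample, the over-long body line is only logged, while the recipient count would drop the connection.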
