Re: ASA default esmtp inspect map

Rutger Blom · ‎08-30-2007

Hello,

Is there some documentation on what exactly the default esmtp inspect map does? I am unable to find any. I would like to create an own esmtp inspect map but would like to base it on the default map.

By the way. Cisco's default esmtp inspect map covers the hostname in the ehlo command. This is a violation of certain RFCs!

Kind regards,

Rutger

srue · ‎08-30-2007

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1478782

Rutger Blom · ‎08-30-2007

Thanks!

This describes how to create an esmpt inspect. What I am looking for is the values of the default esmpt inspect. What does it do to my esmpt traffic?

Kind regards,

Rutger

gregbeifuss · ‎02-25-2011

If you're using the default inspection, use sh run all policy-map _default_esmtp_map to show what the ASA is doing:

policy-map type inspect esmtp _default_esmtp_map
description Default ESMTP policy-map
parameters
mask-banner
no mail-relay
no special-character
no allow-tls
match cmd line length gt 512
drop-connection log
match cmd RCPT count gt 100
drop-connection log
match body line length gt 998
log
match header line length gt 998
drop-connection log
match sender-address length gt 320
drop-connection log
match MIME filename length gt 255
drop-connection log
match ehlo-reply-parameter others
mask

Greg