Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX ESMTP Application Inspection

As a PIX 7.2(2) Cisco Command Line Configuration Guide document,

ESMTP inspection detects attacks, including spam, phising, malformed message attacks, buffer

overflow/underflow attacks. It also provides support for application security and protocol conformance,

which enforce the sanity of the ESMTP messages as well as detect several attacks, block

senders/receivers, and block mail relay.

-> 1. How can a PIX Appliance work doing for detecting abnormal packets ?

For what kinf of interelation between a parameter in lower part with a PIX function (detect attack including spam, phising, malformed attacks, buffer overflow/underflow attacks)?

- configure mail realy

- body line length

- commnad line length

- Sender address length

- command recipient count

- MIME file length

-> 2. If a PIX was configured as a default inspection policy(for a factory default),

Can it be possible that a PIX blocks a packet by default inspection?

(I didn't change any config of application inspection to a PIX.

pix appliance has a factory default inspection config.)

Could you tell me whether a packet going through a pix is denied by default inspection policy or not?

additionaly, I'm wordering whether ESMTP Commands (AUTH, EHLO, DATA, HELO, NOOP ..)feature etc..) are restricted or not in default ESMTP Inspection Policy

-> 3. If a PIX was configured like below (factory default), which type of a packet(inbound or outbound) will be affected by default Inspection Rule ?

policy-map global_policy

class inspection_default

inspect dns migrated_dns_map_1

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

service-policy global_policy global

(Will outgoing smtp or esmtp packet be effected by a PIX, If there is no mail server in inside network zone ?)

-> 4. Could you let me know a proper parameter value of a ESMTP Inspection Policy ?

or a recommended value considered a various environment in case by case?

What is somthing needed to know or consider for a settup ESMTP Inspection configuration.

1 REPLY
Silver

Re: PIX ESMTP Application Inspection

If you use Transport Layer Security (TLS) encryption for e-mail communication then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows.

pix(config)#policy-map global_policy

pix(config-pmap)#class inspection_default

pix(config-pmap-c)#no inspect esmtp

pix(config-pmap-c)#exit

pix(config-pmap)#exit

468
Views
0
Helpful
1
Replies
CreatePlease to create content