13-43
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 13 Inspection of Basic Internet Protocols
SMTP and Extended SMTP Inspection
• match [not] header {length | line length} gt bytes—Matches messages where the length of an ESMTP header, or the length of a single line in the header, is greater than the specified number of bytes.
• match [not] header to-fields count gt count—Matches messages where the number of To fields in the header is greater than the specified number.
• match [not] invalid-recipients count gt number—Matches messages where the number of invalid recipients is greater than the specified count.
• match [not] mime filetype regex {regex_name | class class_name}—Matches the MIME or media file type against the specified regular expression or regular expression class.
• match [not] mime filename length gt bytes—Matches messages where an attachment file name is longer than the specified number of bytes.
• match [not] mime encoding type [type2 ...]—Matches the MIME encoding type. You can specify one or more of the following types: 7bit, 8bit, base64, binary, others, quoted-printable.
• match [not] sender-address regex {regex_name | class class_name}—Matches the sender email address against the specified regular expression or regular expression class.
• match [not] sender-address length gt bytes—Matches messages where the sender address is longer than the specified number of bytes.
b. Specify the action you want to perform on the matching traffic by entering the following command:

hostname(config-pmap-c)# {drop-connection [log] | mask [log] | reset [log] | log | rate-limit message_rate}

Not all options are available for each match command. See the CLI help or the command reference for the exact options available.
• The drop-connection keyword drops the packet and closes the connection.
• The mask keyword masks out the matching portion of the packet. This action is available for ehlo-reply-parameter and cmd verb only.
• The reset keyword drops the packet, closes the connection, and sends a TCP reset to the server and/or client.
• The log keyword, which you can use alone or with one of the other keywords, sends a system log message.
• The rate-limit message_rate argument limits the rate of messages. This option is available with cmd verb only, where you can use it as the only action, or you can use it in conjunction with the mask action.

You can specify multiple match commands in the policy map. For information about the order of match commands, see How Multiple Traffic Classes are Handled, page 12-4.
Step 4 To configure parameters that affect the inspection engine, perform the following steps:

a. To enter parameters configuration mode, enter the following command:

hostname(config-pmap)# parameters
hostname(config-pmap-p)#

b. Set one or more parameters. You can set the following options; use the no form of the command to disable the option:

• mail-relay domain-name action {drop-connection [log] | log}—Identifies a domain name for mail relay. You can either drop the connection and optionally log it, or log it.
• mask-banner—Masks the banner from the ESMTP server.
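The following is an added example, not configuration from this guide, that puts the match commands of Step 3 and the parameters of Step 4 together into one ESMTP inspection policy map and attaches it to the default global service policy. The object names (EXE_ATTACH, SCRIPT_ATTACH, RISKY_TYPES, ESMTP_HARDEN), the relay domain example.com, the MIME type strings and every threshold are assumed values chosen for illustration; the ehlo-reply-parameter match with the mask action is taken from the action description above rather than from this page's syntax list, so treat that line as an assumption too. Regex objects and regex class maps are matched against the MIME Content-Type (for mime filetype) or the sender address (for sender-address regex).

```cisco
! Added example (not from the Cisco guide). All names, domain and
! thresholds are assumptions chosen for illustration.

! Regular expressions consumed by "match mime filetype regex".
! A regex class map lets one match clause cover several expressions.
regex EXE_ATTACH "application/x-msdownload"
regex SCRIPT_ATTACH "application/x-msdos-program"
class-map type regex match-any RISKY_TYPES
 match regex EXE_ATTACH
 match regex SCRIPT_ATTACH

policy-map type inspect esmtp ESMTP_HARDEN
 ! Step 4: inspection-engine parameters
 parameters
  mask-banner
  mail-relay example.com action drop-connection log
 ! Step 3: match clauses, each followed by its action
 match header length gt 8192
  drop-connection log
 match header line length gt 998
  drop-connection log
 match header to-fields count gt 100
  drop-connection log
 match invalid-recipients count gt 5
  drop-connection log
 match mime filetype regex class RISKY_TYPES
  drop-connection log
 match mime filename length gt 255
  drop-connection log
 match mime encoding binary others
  log
 match sender-address length gt 320
  drop-connection log
 ! mask is only valid for ehlo-reply-parameter and cmd verb (assumed match)
 match ehlo-reply-parameter others
  mask

! Attach the map to the default global inspection policy
policy-map global_policy
 class inspection_default
  inspect esmtp ESMTP_HARDEN
```

Each match clause enters config-pmap-c mode, where the indented line beneath it is the action; the log keyword is combined with drop-connection on the clauses that close the connection so that every enforcement produces a syslog record. After applying the map, show service-policy inspect esmtp displays the per-clause counters, which is the quickest way to confirm the policy is active and to see which clauses are firing on real traffic.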