ASA - esmtp inspecting - block AUTH

I'm trying to block the ESMTP EHLO AUTH response message on an ASA version 9.4(4)16 from coming to the client from the server. The application does not support disabling authentication if the server indicates it is supported, but the server is not managed by us. Here's what I have:
access-list test-smtp-acl extended permit tcp host 10.200.242.165 host 172.20.119.159

class-map test-smtp-class
 match access-list test-smtp-acl

policy-map type inspect esmtp block-auth
 parameters
  no mask-banner
  allow-tls action log
 match ehlo-reply-parameter auth
  mask log

policy-map global_policy
 class test-smtp-class
  inspect esmtp block-auth

I know it's matching, because if I turn on "mask-banner" it shows the typical *** instead of the SMTP server name. However, it is allowing the AUTH command through:

220 **************************************************************************************************
250-hostname.example.com Hello [10.200.242.165]
250-SIZE 2136746229
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST

Just for kicks, I also said to block PIPELINING, but it allowed that response through too. Any thoughts?

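To reason about what an EHLO-reply mask should look like on the wire, it helps to parse the reply the way a client does and apply the mask offline. The following Python is an added illustration written for this thread; it is not Cisco code and does not reproduce the ASA's inspection engine. The sample reply is constructed from the EHLO lines quoted in the post, the AUTH_KEYWORDS set is my own assumption about which lines advertise authentication, and masking with asterisks of the same length mirrors the masked 220 banner shown in the post (the fill character a given firewall uses for EHLO parameters is not shown there).

```python
"""Parse an ESMTP EHLO reply and mask a chosen capability line.

Added example for checking a captured EHLO reply before and after an
inline mask; not Cisco code and not the ASA's implementation.
"""
import re
from typing import List, Tuple

# Constructed sample: the EHLO reply quoted in the post (220 banner omitted),
# reassembled with CRLF line endings as it travels on the wire.
SAMPLE_EHLO_REPLY = "\r\n".join([
    "250-hostname.example.com Hello [10.200.242.165]",
    "250-SIZE 2136746229",
    "250-PIPELINING",
    "250-DSN",
    "250-ENHANCEDSTATUSCODES",
    "250-STARTTLS",
    "250-X-ANONYMOUSTLS",
    "250-AUTH NTLM",
    "250-X-EXPS GSSAPI NTLM",
    "250-8BITMIME",
    "250-BINARYMIME",
    "250-CHUNKING",
    "250 XRDST",
]) + "\r\n"

# Keywords that advertise an authentication mechanism. AUTH is the RFC 4954
# keyword; X-EXPS is the Exchange-specific extension visible in the post.
# Which keywords belong here is this example's assumption, not page content.
AUTH_KEYWORDS = {"AUTH", "X-EXPS"}

# "250-" marks a continuation line, "250 " (space) marks the final line.
_LINE_RE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo_reply(reply: str) -> List[Tuple[str, str]]:
    """Split a multi-line 250 reply into (KEYWORD, parameters) pairs.

    The first 250 line carries the server domain and greeting text, not a
    capability, so it is skipped. Raises ValueError on any line that is not
    a well-formed 250 continuation or final line.
    """
    lines = reply.splitlines()
    if not lines:
        raise ValueError("empty reply")
    caps: List[Tuple[str, str]] = []
    for index, line in enumerate(lines):
        match = _LINE_RE.match(line)
        if not match or match.group(1) != "250":
            raise ValueError(f"malformed EHLO reply line: {line!r}")
        if index > 0:
            keyword, _, params = match.group(3).partition(" ")
            caps.append((keyword.upper(), params))
        if match.group(2) == " ":
            break  # final line of the reply
    return caps


def auth_capabilities(reply: str) -> List[str]:
    """Return the keywords in the reply that offer authentication, in wire order."""
    return [kw for kw, _ in parse_ehlo_reply(reply) if kw in AUTH_KEYWORDS]


def mask_capability(reply: str, keyword: str) -> str:
    """Overwrite the text of every capability line whose keyword matches.

    The '250-' / '250 ' framing is kept and the text is replaced by asterisks
    of the same length, so the client still receives a syntactically valid
    reply of unchanged size; only the masked capability disappears.
    """
    out = []
    for line in reply.splitlines():
        match = _LINE_RE.match(line)
        if match and match.group(1) == "250":
            text = match.group(3)
            if text.split(" ", 1)[0].upper() == keyword.upper():
                line = f"250{match.group(2)}{'*' * len(text)}"
        out.append(line)
    return "\r\n".join(out) + "\r\n"


if __name__ == "__main__":
    print("advertised auth mechanisms:", auth_capabilities(SAMPLE_EHLO_REPLY))
    masked = mask_capability(SAMPLE_EHLO_REPLY, "AUTH")
    print(masked)
    print("still advertised after masking AUTH only:", auth_capabilities(masked))
```

Two things the parsed reply makes visible. First, the server advertises authentication twice: on the AUTH line and again on the Exchange-specific X-EXPS GSSAPI NTLM line, so a match on the AUTH parameter alone leaves a second authentication offer in place. Second, the reply offers STARTTLS and the policy has allow-tls; a client that upgrades to TLS repeats EHLO inside the encrypted session, where no inline device can see or mask the reply, so a capture taken after STARTTLS would show AUTH regardless of the policy.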