cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1733
Views
5
Helpful
4
Replies

ASA ESMTP inspection for blocking inbound spoofed own domain

jmprats
Level 4
Level 4

Hi, I'm using ESMTP inspection and I want to block the incoming mails with an spoofed "mail_from" address from our own domain.

I can use ESMTP inspection with regex to block this domain, but I want to block only that incoming mails (the outgoing are good). How can I do that?

Thanks

1 Accepted Solution

Accepted Solutions

I assume that you already have global_policy, if you do, then all you need to do is enabled "inspect esmtp" under global_policy for your first class-map (ie: you don't need to separately configure "class 1").

So service-policy that you applied to the outside interface will say:

policy-map Mail

     class 2 match "incoming traffic"

          inspect esmtp "Block spoofed domain"
service-policy Mail interface outside

View solution in original post

4 Replies 4

Jennifer Halim
Cisco Employee
Cisco Employee

You can also create and match on access-list, and the access-list will say "permit tcp any host eq 25"

OK, but at the same time I want ESMTP inspection for outgoing mails, can I put to classes into a policy-map, both doing esmtp inspection?

Something like that:

policy-map Mail

     class 1 match all traffic

          inspect esmtp

     class 2 match "incoming traffic"

          inspect esmtp "Block spoofed domain"


service-policy Mail interface outside

Performance? Or is there a better way to do that?

Thanks

I assume that you already have global_policy, if you do, then all you need to do is enabled "inspect esmtp" under global_policy for your first class-map (ie: you don't need to separately configure "class 1").

So service-policy that you applied to the outside interface will say:

policy-map Mail

     class 2 match "incoming traffic"

          inspect esmtp "Block spoofed domain"
service-policy Mail interface outside

OK, working!

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: