02-10-2011 01:18 AM - edited 03-11-2019 12:48 PM
Hi, I'm using ESMTP inspection and I want to block incoming mails with a spoofed "mail_from" address from our own domain.
I can use ESMTP inspection with regex to block this domain, but I want to block only the incoming mails (the outgoing ones are good). How can I do that?
Thanks
02-10-2011 01:53 AM
You can also create and match on access-list, and the access-list will say "permit tcp any host
02-10-2011 03:12 AM
OK, but at the same time I want ESMTP inspection for outgoing mails. Can I put two classes into a policy-map, both doing ESMTP inspection?
Something like that:
policy-map Mail
class 1 match all traffic
inspect esmtp
class 2 match "incoming traffic"
inspect esmtp "Block spoofed domain"
service-policy Mail interface outside
Performance? Or is there a better way to do that?
Thanks
02-10-2011 03:21 PM
I assume that you already have global_policy. If you do, then all you need to do is enable "inspect esmtp" under global_policy for your first class-map (i.e., you don't need to separately configure "class 1").
So the service-policy that you applied to the outside interface will say:
policy-map Mail
class 2 match "incoming traffic"
inspect esmtp "Block spoofed domain"
service-policy Mail interface outside
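The pseudo-configuration discussed in this thread, written out as ASA commands. This is an added example, not configuration posted by either participant; the domain example.com, the mail server address 192.0.2.25 and every object name except the policy-map name Mail are assumptions.

```cisco
! Added example. example.com, 192.0.2.25 and all object names
! other than "Mail" are assumed placeholders.

! Regex for the organisation's own domain in the sender address.
regex OWN_DOMAIN "@example\.com"

! ESMTP inspection map ("Block spoofed domain" in the thread):
! drop and log any session whose sender address matches the regex.
policy-map type inspect esmtp BLOCK_SPOOFED_DOMAIN
 match sender-address regex OWN_DOMAIN
  drop-connection log

! "Incoming traffic": SMTP from anywhere to the internal mail server.
access-list INBOUND_SMTP extended permit tcp any host 192.0.2.25 eq smtp

class-map INBOUND_SMTP_CLASS
 match access-list INBOUND_SMTP

! Interface policy on outside: only inbound SMTP gets the
! sender-address check.
policy-map Mail
 class INBOUND_SMTP_CLASS
  inspect esmtp BLOCK_SPOOFED_DOMAIN

service-policy Mail interface outside

! Outbound mail is not matched by INBOUND_SMTP, so it is still
! handled by the plain "inspect esmtp" already present in
! global_policy, with no sender-address restriction.
```

The inspection map can only evaluate sender addresses it sees in cleartext SMTP commands, so sessions that negotiate TLS before sending the envelope are outside its reach.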
02-11-2011 01:20 AM
OK, working!
Thanks