Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1748
Views
5
Helpful
4
Replies

ASA ESMTP inspection for blocking inbound spoofed own domain

Go to solution
jmprats
Level 4
Level 4

‎02-10-2011 01:18 AM - edited ‎03-11-2019 12:48 PM

Hi, I'm using ESMTP inspection and I want to block the incoming mails with an spoofed "mail_from" address from our own domain.

I can use ESMTP inspection with regex to block this domain, but I want to block only that incoming mails (the outgoing are good). How can I do that?

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to jmprats

‎02-10-2011 03:21 PM

I assume that you already have global_policy, if you do, then all you need to do is enabled "inspect esmtp" under global_policy for your first class-map (ie: you don't need to separately configure "class 1").

So service-policy that you applied to the outside interface will say:

policy-map Mail

     class 2 match "incoming traffic"

          inspect esmtp "Block spoofed domain"
service-policy Mail interface outside

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎02-10-2011 01:53 AM

You can also create and match on access-list, and the access-list will say "permit tcp any host eq 25"

Go to solution
jmprats
Level 4
Level 4
In response to Jennifer Halim

‎02-10-2011 03:12 AM

OK, but at the same time I want ESMTP inspection for outgoing mails, can I put to classes into a policy-map, both doing esmtp inspection?

Something like that:

policy-map Mail

     class 1 match all traffic

          inspect esmtp

     class 2 match "incoming traffic"

          inspect esmtp "Block spoofed domain"


service-policy Mail interface outside

Performance? Or is there a better way to do that?

Thanks

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to jmprats

‎02-10-2011 03:21 PM

I assume that you already have global_policy, if you do, then all you need to do is enabled "inspect esmtp" under global_policy for your first class-map (ie: you don't need to separately configure "class 1").

So service-policy that you applied to the outside interface will say:

policy-map Mail

     class 2 match "incoming traffic"

          inspect esmtp "Block spoofed domain"
service-policy Mail interface outside

0 Helpful

Go to solution
jmprats
Level 4
Level 4
In response to Jennifer Halim

‎02-11-2011 01:20 AM

OK, working!

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card