04-09-2007 04:28 AM - edited 03-11-2019 02:57 AM
According to the PIX 7.2(2) Cisco Command Line Configuration Guide,
ESMTP inspection detects attacks, including spam, phishing, malformed message attacks, and buffer
overflow/underflow attacks. It also provides support for application security and protocol conformance,
which enforce the sanity of the ESMTP messages as well as detect several attacks, block
senders/receivers, and block mail relay.
-> 1. How does a PIX appliance work to detect abnormal packets?
What kind of interrelation is there between the parameters below and the PIX functions (detecting attacks including spam, phishing, malformed attacks, buffer overflow/underflow attacks)?
- configure mail relay
- body line length
- command line length
- sender address length
- command recipient count
- MIME file length
-> 2. If a PIX is configured with the default inspection policy (factory default),
is it possible that the PIX blocks a packet by default inspection?
(I didn't change any application inspection config on the PIX.
The PIX appliance has the factory default inspection config.)
Could you tell me whether a packet going through a PIX is denied by the default inspection policy or not?
Additionally, I'm wondering whether ESMTP commands (AUTH, EHLO, DATA, HELO, NOOP, etc.) are restricted or not in the default ESMTP inspection policy.
-> 3. If a PIX is configured as below (factory default), which type of packet (inbound or outbound) will be affected by the default inspection rule?
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
service-policy global_policy global
(Will outgoing SMTP or ESMTP packets be affected by the PIX if there is no mail server in the inside network zone?)
-> 4. Could you let me know proper parameter values for an ESMTP inspection policy,
or recommended values considering various environments case by case?
What needs to be known or considered when setting up an ESMTP inspection configuration?
04-16-2007 06:45 AM
If you use Transport Layer Security (TLS) encryption for e-mail communication then the ESMTP inspection feature (enabled by default) in the PIX drops the packets. In order to allow the e-mails with TLS enabled, disable the ESMTP inspection feature as this output shows.
pix(config)#policy-map global_policy
pix(config-pmap)#class inspection_default
pix(config-pmap-c)#no inspect esmtp
pix(config-pmap-c)#exit
pix(config-pmap)#exit
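A check for whether STARTTLS is still advertised on the far side of the firewall, added here as an example (not from the thread or from Cisco). It assumes the inspection rewrites EHLO keywords it does not support into X characters (for example XXXXXXXA), which the thread itself does not state; the two sample replies are constructed.

```python
import re

# Constructed EHLO replies (not captured from a real server or PIX).
DIRECT = ("250-mail.example.com Hello\r\n250-SIZE 10485760\r\n"
          "250-STARTTLS\r\n250 8BITMIME\r\n")
VIA_INSPECTION = ("250-mail.example.com Hello\r\n250-SIZE 10485760\r\n"
                  "250-XXXXXXXA\r\n250 8BITMIME\r\n")

REPLY_LINE = re.compile(r"^250([ -])(\S+)(?: (.*))?$")
MASKED = re.compile(r"^X{2,}[A-Z]?$")  # assumed masking pattern, e.g. XXXXXXXA


def ehlo_keywords(reply):
    """Return the extension keywords of a multi-line 250 EHLO reply (RFC 5321)."""
    lines = [line for line in reply.split("\r\n") if line]
    keywords = []
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match:
            raise ValueError("not a 250 reply line: %r" % line)
        # "250-" marks a continuation line, "250 " marks the final line.
        is_last = match.group(1) == " "
        if is_last != (index == len(lines) - 1):
            raise ValueError("continuation marker out of place: %r" % line)
        if index > 0:  # line 0 carries the server's domain, not an extension
            keywords.append(match.group(2).upper())
    return keywords


def starttls_status(reply):
    """Return 'offered', 'masked' (some keyword was X-ed out) or 'absent'."""
    keywords = ehlo_keywords(reply)
    if "STARTTLS" in keywords:
        return "offered"
    if any(MASKED.match(keyword) for keyword in keywords):
        return "masked"
    return "absent"


if __name__ == "__main__":
    for name, reply in (("direct", DIRECT), ("via inspection", VIA_INSPECTION)):
        print(name, ehlo_keywords(reply), starttls_status(reply))
```

A "masked" result on a path where the server itself offers STARTTLS points at an inspecting device in between, and mail on that path is then likely to go out unencrypted.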