access-list SERVER_SMTP permit tcp any host 10.1.1.2 eq 25
class-map SMTP_SERVER
 match access-list SERVER_SMTP
2. Create an inspection policy map to tune the ESMTP inspection engine.
Example: mask the SMTP server banner; reject mail whose sender address contains either of the strings "porn.com" or "online-game.com"; accept mail only for recipient addresses in the domain "test.com"; reset connections that issue more than 10 invalid recipients; and drop any message whose body is longer than 35,000 characters.
regex BANNED_EMAILS "(.*porn\.com|.*online-game\.com)"
policy-map type inspect esmtp SMTP_INSPECT
 parameters
  mask-banner
  mail-relay test.com action drop-connection log
 match invalid-recipients count gt 10
  reset
 match sender-address regex BANNED_EMAILS
  reset
 match body length gt 35000
  drop-connection log
3. Create the Layer 3/4 policy map
Limit the number of SMTP connections to the server to 100 and the number of half-open (embryonic) SMTP connections to 50.
policy-map policy_inside
 class SMTP_SERVER
  inspect esmtp SMTP_INSPECT
  set connection conn-max 100 embryonic-conn-max 50
4. Apply the policy map with a service policy (globally or on an interface)
service-policy policy_inside interface inside
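To make the decisions in the SMTP_INSPECT policy map concrete, the following Python model walks constructed SMTP transactions through the same four rules (mail-relay domain, invalid-recipient count, sender regex, body length) and reports which rule would fire and with what action. It is an added example written for this page, not Cisco code and not something the ASA runs; the transactions, the helper names and the tuple format are assumptions of the example, and it does not model how the ASA orders or prioritises actions when several rules fire at once. One thing it does show that the page does not spell out: ASA regex matches are unanchored searches, so the page's BANNED_EMAILS pattern also fires on a sender such as eve@porn.com.example.

```python
"""
Offline model of the ESMTP inspection rules configured above (added example,
not the page's own code or any Cisco tool). Each check mirrors one line of the
SMTP_INSPECT policy map; evaluate() returns every rule that would fire for a
constructed transaction. re.search() is used because ASA regex matching is an
unanchored search over the field being inspected.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Values copied from the SMTP_INSPECT policy map on the page.
BANNED_EMAILS = re.compile(r"(.*porn\.com|.*online-game\.com)")  # regex BANNED_EMAILS
MAIL_RELAY_DOMAINS = {"test.com"}       # mail-relay test.com action drop-connection log
MAX_INVALID_RECIPIENTS = 10             # match invalid-recipients count gt 10
MAX_BODY_LENGTH = 35000                 # match body length gt 35000

# (rule name, action, detail) - a format assumed by this example only.
Hit = Tuple[str, str, object]


@dataclass
class SmtpTransaction:
    """Constructed view of one message as the firewall sees it on the wire."""
    sender: str                     # address in MAIL FROM:<...>
    recipients: List[str]           # RCPT TO:<...> addresses the server accepted
    invalid_recipients: int = 0     # RCPT TO commands the server rejected
    body: str = ""                  # DATA payload


def domain_of(address: str) -> str:
    """Domain part of an e-mail address, lower-cased for comparison."""
    return address.rsplit("@", 1)[-1].lower()


def check_mail_relay(txn: SmtpTransaction) -> Optional[Hit]:
    # The server may only accept mail for the listed domain(s); a RCPT TO
    # outside them is treated as a relay attempt and the connection dropped.
    for rcpt in txn.recipients:
        if domain_of(rcpt) not in MAIL_RELAY_DOMAINS:
            return ("mail-relay", "drop-connection", rcpt)
    return None


def check_invalid_recipients(txn: SmtpTransaction) -> Optional[Hit]:
    # "gt 10": exactly 10 rejected recipients is still allowed.
    if txn.invalid_recipients > MAX_INVALID_RECIPIENTS:
        return ("invalid-recipients", "reset", txn.invalid_recipients)
    return None


def check_sender(txn: SmtpTransaction) -> Optional[Hit]:
    # Unanchored search, like the ASA regex engine: "porn.com" anywhere in the
    # sender address matches, including "eve@porn.com.example".
    if BANNED_EMAILS.search(txn.sender):
        return ("sender-address", "reset", txn.sender)
    return None


def check_body(txn: SmtpTransaction) -> Optional[Hit]:
    # "gt 35000": a body of exactly 35,000 characters passes.
    if len(txn.body) > MAX_BODY_LENGTH:
        return ("body-length", "drop-connection", len(txn.body))
    return None


CHECKS = [check_mail_relay, check_invalid_recipients, check_sender, check_body]


def evaluate(txn: SmtpTransaction) -> List[Hit]:
    """Return every rule that fires for the transaction (empty list = accepted)."""
    hits = []
    for check in CHECKS:
        hit = check(txn)
        if hit is not None:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    # Constructed sample transactions, one per rule plus a clean one.
    demo = [
        SmtpTransaction("alice@example.org", ["bob@test.com"], body="hello"),
        SmtpTransaction("spam@online-game.com", ["bob@test.com"]),
        SmtpTransaction("eve@porn.com.example", ["bob@test.com"]),
        SmtpTransaction("alice@example.org", ["carol@other.net"]),
        SmtpTransaction("alice@example.org", ["bob@test.com"], invalid_recipients=11),
        SmtpTransaction("alice@example.org", ["bob@test.com"], body="x" * 35001),
    ]
    for t in demo:
        print(f"{t.sender} -> {t.recipients}: {evaluate(t) or 'accepted'}")
```

Run it as a script to see the decision for each constructed transaction. On the firewall itself the equivalent check is to send the same kinds of messages through the inside interface and watch the counters in `show service-policy interface inside` and the drop-connection log messages the policy generates.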