Simple Mail Transfer Protocol cisco

Simple Mail Transfer Protocol

Similar to FTP and DNS inspection, appliance analysis of Simple Mail

Transfer Agreement (SMTP), additionally accustomed as Mail Guard, is advised to bind what

servers and audience can do and see while not harming the capital functionality of

the protocol—sending cyberbanking mail.

SMTP is declared in RFC 821 as a Telnet-based agreement advised for transferring

electronic mail amid servers.The applicant sends commands to the server,

and the server replies with cachet letters and apparently some added information.

In essence, it is actual simple:There are commands for allegorical a almsman of the

message, the sender, and the bulletin itself. An archetype of an SMTP affair is

shown in Figure 4.6.

Figure 4.6 An SMTP Session

Server: 220 Simple Mail Transfer Service Ready

Client: HELO example1.com

Server: 250 OK

Client: MAIL FROM:

Server: 250 OK

Client: RCPT TO:

Server: 250 OK

Client: RCPT TO:

Server: 550 No such user here

Client: DATA

Server: 354 Alpha mail input; end with .

Client: Banausic banausic blah...

Client: ...foobar.

Client: .

Server: 250 OK

Client: QUIT

Server: 250 OK

This archetype shows the affair in which the applicant approved to accelerate e-mail

from Alice@example1.com to Bob@example2.com, which was accepted, and to

John@example2.com, which was alone because a user was not found.

www.syngress.com

Advanced PIX Configurations • Chapter 4 149

These commands (HELO, MAIL, RCPT, DATA, and QUIT), calm with a

couple of ascendancy commands (NOOP, do nothing, and RSET, displace state) make

up a basal set appropriate by RFC 821, area 4.5.1.

Mail Guard is angry on by absence on anchorage 25 and can be reconfigured using

the afterward command:

[no] fixup agreement smtp [[-]]

This command functions in the aforementioned way as fixup agreement ftp except that it is

possible to specify a ambit of TCP ports instead of alone one.

WARNING

When administration a basal command set, the PIX causes some problems

with Microsoft Exchange servers and Outlook clients. The botheration here

is that Microsoft’s accomplishing of SMTP is not carefully RFC 821 compliant

and uses the EHLO command instead of HELO to alpha a connection.

The PIX changes this command to NOOP, so the server simply

returns a “250 OK” reply, which is interpreted as a acceptance that the

server supports SMTP extensions. Consequently, audience do not abatement back

to the HELO command and abide application continued appearance (see RFC

2821), which are blocked by the PIX. Most non-Microsoft clients, though,

after accepting a simple “250 OK” acknowledgment instead of a added informative

EHLO response, do abatement aback to the HELO appearance of operations and everything

works well.

The capital ambition of Mail Guard is to bind commands audience use to the minimal

set described, while ecology the absolute command/response arrangement and

generating a specific analysis trail. In detail:

 Mail Guard monitors commands beatific by a client, and if a command does

not accord to the basal set, it is replaced with the NOOP command.

 If Mail Guard encounters an alien command, the accomplished abstracts portion

of a TCP/IP packet is abounding with the X symbol, which, when

received by a server, causes the server to aftermath an error.

 MAIL and RCPT commands are monitored for actual acceptance of <, >,

and | characters.The activity appearance | is replaced with a space, and <

and > are accustomed alone back they arise as delimiters of an e-mail

address.When an invalid appearance is replaced in the e-mail address, audit

record 108002 is generated.

www.syngress.com

150 Chapter 4 • Advanced PIX Configurations

 Mail Guard checks for truncated or afield concluded commands

(ones that do not end with ).

 In a banderole message—for example, “220 foobar email server ready”—all

symbols except “220” are afflicted to X.This is done in adjustment to hide

details about the server belvedere or operating system, which are often

reported in these banners.