Chapter 22
Applying Application Layer Protocol Inspection
(Optional) To match the type of MIME encoding scheme used, enter the following command:
m.
hostname(config-pmap-p)# match mime encoding [7bit|8bit|base64|binary|others|
quoted-printable]
(Optional) To match the MIME filename length, enter the following command:
n.
hostname(config-pmap-p)# match mime filename length gt length
Where length is the length of the filename in the range 1 to 1000.
o.
(Optional) To match the MIME file type, enter the following command:
hostname(config-pmap-p)# match mime filetype regex [name | class name]
Where name or class name is the regular expression that matches a file type or a class map. The
regular expression used to match a class map can select multiple file types.
p.
(Optional) To match a sender address, enter the following command:
hostname(config-pmap-p)# match sender-address regex [name | class name]
Where name or class name is the regular expression that matches a sender address or a class map.
The regular expression used to match a class map can select multiple sender addresses.
(Optional) To match the length of a sender's address, enter the following command:
q.
hostname(config-pmap-p)# match sender-address length gt length
Where length is the number of characters in the sender's address.
The following example shows how to define an ESMTP inspection policy map.
hostname(config)# regex user1 "user1@cisco.com"
hostname(config)# regex user2 "user2@cisco.com"
hostname(config)# regex user3 "user3@cisco.com"
hostname(config)# class-map type regex senders_black_list
hostname(config-cmap)# description "Regular expressions to filter out undesired senders"
hostname(config-cmap)# match regex user1
hostname(config-cmap)# match regex user2
hostname(config-cmap)# match regex user3
hostname(config)# policy-map type inspect esmtp advanced_esmtp_map
hostname(config-pmap)# match sender-address regex class senders_black_list
hostname(config-pmap-c)# drop-connection log
hostname(config)# policy-map outside_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# inspect esmtp advanced_esmtp_map
hostname(config)# service-policy outside_policy interface outside
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
ESMTP Inspection
22-29