Cisco Cisco Firepower Management Center 4000

Protection

You can use the SMTP Configuration page of an intrusion policy to configure SMTP normalization. For 
more information on SMTP preprocessor configuration options, see 

Admin/Intrusion Admin

Select 

The Intrusion Policy page appears.

Click the edit icon (

) next to the policy you want to edit.

If you have unsaved changes in another policy, click 

 to discard those changes and continue. See 

 for information on saving unsaved changes in another 

policy.

The Policy Information page appears.

Click 

 in the navigation panel on the left.

The Advanced Settings page appears.

You have two choices, depending on whether 

 under Application Layer Preprocessors 

is enabled:

If the configuration is enabled, click 

.

If the configuration is disabled, click 

, then click 

.

The SMTP Configuration page appears. The following graphic shows the Defense Center packet view. 
A message at the bottom of the page identifies the intrusion policy layer that contains the configuration. 
See 

 for more information.

Specify the 

 where SMTP traffic should be decoded, separated by commas. 

Select 

 to examine reassembled TCP streams containing SMTP packets. Clear 

to inspect only unreassembled SMTP packets.

Configure the normalization options:

To normalize all commands, select 

.

To normalize only commands specified by 

, select 

 and specify the commands 

to normalize. Separate commands with spaces.

To normalize no commands, select 

.

To ignore mail data except for MIME mail header data, check 

.

To ignore data encrypted under the Transport Security Layer protocol, check 

.

To disable generating events when accompanying preprocessor rules are enabled, check 

.

To detect unknown commands in SMTP data, select 

.

Specify a maximum command line length in the 

field. 

Specify a maximum data header line length in the 

field. 

Specify a maximum response line length in the 

field.