Cisco Cisco Firepower Management Center 4000
25-61
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding SMTP Traffic
Max Command Line Len
Detects when an SMTP command line is longer than this value. Specify
0
to never detect command
line length.
RFC 2821, the Network Working Group specification on the Simple Mail Transfer Protocol,
recommends 512 as a maximum command line length.
recommends 512 as a maximum command line length.
You can enable rule 124:1 to generate events for this option. See
for
more information.
Max Header Line Len
Detects when an SMTP data header line is longer than this value. Specify
0
to never detect data
header line length.
You can enable rules 124:2 and 124:7 to generate events for this option. See
for more information.
Max Response Line Len
Detects when an SMTP response line is longer than this value. Specify
0
to never detect response
line length.
RFC 2821 recommends 512 as a maximum response line length.
You can enable rule 124:3 to generate events for this option. See
for
more information.
Alt Max Command Line Len
Detects when the SMTP command line for any of the specified commands is longer than this value.
Specify
Specify
0
to never detect command line length for the specified commands. Different default line
lengths are set for numerous commands.
This setting overrides the Max Command Line Len setting for the specified commands.
You can enable rule 124:3 to generate events for this option. See
for
more information.
Invalid Commands
Detects if these commands are sent from the client side.
You can enable rule 124:5 and 124:6 to generate events for this option. See
for more information.
Valid Commands
Permits commands in this list.
Even if this list is empty, the preprocessor permits the following valid commands: ATRN AUTH
BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP
IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SIZE SOML STARTTLS
TICK TIME TURN TURNME VERB VRFY XADR XAUTH XCIR XEXCH50 X-EXPS XGEN
XLICENSE X-LINK2STATE XQUE XSTA XTRN XUSR
BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP
IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SIZE SOML STARTTLS
TICK TIME TURN TURNME VERB VRFY XADR XAUTH XCIR XEXCH50 X-EXPS XGEN
XLICENSE X-LINK2STATE XQUE XSTA XTRN XUSR
Note
RCPT TO and MAIL FROM are SMTP commands. The preprocessor configuration uses
command names of RCPT and MAIL, respectively. Within the code, the preprocessor maps
RCPT and MAIL to the correct command name.
command names of RCPT and MAIL, respectively. Within the code, the preprocessor maps
RCPT and MAIL to the correct command name.