Cisco Cisco Firepower Management Center 4000

Page of 1844
 
25-61
FireSIGHT System User Guide
 
Chapter 25      Using Application Layer Preprocessors
  Decoding SMTP Traffic
Max Command Line Len
Detects when an SMTP command line is longer than this value. Specify 
0
 to never detect command 
line length.
RFC 2821, the Network Working Group specification on the Simple Mail Transfer Protocol, 
recommends 512 as a maximum command line length.
You can enable rule 124:1 to generate events for this option. See 
 for 
more information.
Max Header Line Len 
Detects when an SMTP data header line is longer than this value. Specify 
0
 to never detect data 
header line length. 
You can enable rules 124:2 and 124:7 to generate events for this option. See 
 for more information.
Max Response Line Len
Detects when an SMTP response line is longer than this value. Specify 
0
 to never detect response 
line length.
RFC 2821 recommends 512 as a maximum response line length.
You can enable rule 124:3 to generate events for this option. See 
 for 
more information.
Alt Max Command Line Len
Detects when the SMTP command line for any of the specified commands is longer than this value. 
Specify 
0
 to never detect command line length for the specified commands. Different default line 
lengths are set for numerous commands. 
This setting overrides the Max Command Line Len setting for the specified commands.
You can enable rule 124:3 to generate events for this option. See 
 for 
more information.
Invalid Commands
Detects if these commands are sent from the client side.
You can enable rule 124:5 and 124:6 to generate events for this option. See 
 for more information.
Valid Commands
Permits commands in this list. 
Even if this list is empty, the preprocessor permits the following valid commands: ATRN AUTH 
BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP 
IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SIZE SOML STARTTLS 
TICK TIME TURN TURNME VERB VRFY XADR XAUTH XCIR XEXCH50 X-EXPS XGEN 
XLICENSE X-LINK2STATE XQUE XSTA XTRN XUSR 
Note
RCPT TO and MAIL FROM are SMTP commands. The preprocessor configuration uses 
command names of RCPT and MAIL, respectively. Within the code, the preprocessor maps 
RCPT and MAIL to the correct command name.