Cisco FirePOWER Appliance 8130
25-60
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Decoding SMTP Traffic
Note also that when the values for the Base64 Decoding Depth, 7-Bit/8-Bit/Binary Decoding Depth, Quoted-Printable Decoding Depth, or Unix-to-Unix Decoding Depth options are different in an intrusion policy associated with the default action of an access control policy and intrusion policies associated with access control rules, the highest value is used. See , and for more information.
If no preprocessor rule is mentioned, the option is not associated with a preprocessor rule.
Ports
Specifies the ports whose SMTP traffic you want to normalize. You can specify an integer from 0 to 65535. Separate multiple ports with commas.
Note
Any port you add to the SMTP Ports list should also be added to the TCP client reassembly list for each TCP policy. For more information on configuring TCP reassembly ports, see
Stateful Inspection
When selected, causes the SMTP decoder to save state and provide session context for individual packets, and inspects only reassembled sessions. When cleared, analyzes each individual packet without session context.
Normalize
When set to All, normalizes all commands. Checks for more than one space character after a command.
When set to None, normalizes no commands.
When set to Cmds, normalizes the commands listed in Custom Commands.
Custom Commands
When Normalize is set to Cmds, normalizes the listed commands.
Specify commands which should be normalized in the text box. Checks for more than one space character after a command.
The space (ASCII 0x20) and tab (ASCII 0x09) characters count as space characters for normalization purposes.
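The following Python sketch is an added illustration, not Cisco code or part of the guide: it models how the Normalize and Custom Commands settings select which SMTP command lines are checked for more than one space character. The function names, the sample lines, and the choice to collapse the run to a single space are assumptions made for the example.

```python
import re

# Space (0x20) and tab (0x09) are the only "space characters" for normalization.
_CMD_RE = re.compile(rb"^([A-Za-z]+)([ \t]*)(.*)$", re.DOTALL)


def normalize_command(line, mode="None", custom_commands=()):
    """Model the Normalize option for one SMTP command line (bytes, no CRLF).

    mode is "All", "None" or "Cmds"; custom_commands stands in for the
    Custom Commands list. Returns (output_line, had_extra_space).
    """
    if mode not in ("All", "None", "Cmds"):
        raise ValueError("mode must be All, None or Cmds")
    m = _CMD_RE.match(line)
    if m is None or mode == "None":
        return line, False                 # nothing is normalized
    verb, gap, rest = m.groups()
    if mode == "Cmds":
        wanted = {c.upper().encode() for c in custom_commands}
        if verb.upper() not in wanted:
            return line, False             # command not listed: left untouched
    if len(gap) <= 1:
        return line, False                 # at most one space character: fine
    # Assumption: normalizing collapses the run to a single 0x20.
    return verb + b" " + rest, True


# Constructed client-side lines, not captured traffic.
SAMPLE = [
    b"EHLO client.example",
    b"MAIL  \t FROM:<a@example.com>",
    b"RCPT \tTO:<b@example.com>",
    b"XCUSTOM      arg",
]


def run(mode, custom_commands=()):
    """Apply one Normalize setting to every sample line."""
    return [normalize_command(l, mode, custom_commands) for l in SAMPLE]


if __name__ == "__main__":
    for mode, cmds in (("None", ()), ("All", ()), ("Cmds", ("MAIL",))):
        print(mode, cmds)
        for out, flagged in run(mode, cmds):
            print("   ", flagged, out)
```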
Ignore Data
Does not process mail data; processes only MIME mail header data.
Ignore TLS Data
Does not process data encrypted under the Transport Layer Security protocol.
No Alerts
Disables intrusion events when accompanying preprocessor rules are enabled.
Detect Unknown Commands
Detects unknown commands in SMTP traffic.
You can enable rules 124:5 and 124:6 to generate events for this option. See for more information.