SMTP-Proxy: General Settings

In the SMTP Proxy Action configuration, you can set basic SMTP-proxy parameters such as idle timeout, message limits, and email message information.

Settings

[Screenshot: SMTP Proxy Action general settings in Fireware Web UI]

[Screenshot: SMTP Proxy Action general settings in Policy Manager]

Idle timeout

You can set the length of time an incoming SMTP connection can be idle before the connection times out. The default value is 10 minutes.

Set the maximum email recipients

To set the maximum number of email recipients to which a message can be sent, select this check box. In the adjacent text box that appears, type or select the number of recipients.

The Firebox counts and allows the specified number of addresses through, and then drops the other addresses. For example, if you set the value to 50 and there is a message for 52 addresses, the first 50 addresses get the email message. The last two addresses do not get a copy of the message. The Firebox counts a distribution list as one SMTP email address (for example, [email protected]). You can use this feature to decrease spam email because spam usually includes a large recipient list. When you enable this option, make sure you do not also deny legitimate email.

Set the maximum address length to

To set the maximum length of email addresses, select this check box. In the adjacent text box that appears, type or select the maximum length for an email address in bytes.

Set the maximum email size to

To set the maximum length of an incoming SMTP message, select this check box. In the adjacent text box that appears, type or select the maximum size for each email in kilobytes.

Most email is sent as 7-bit ASCII text. The exceptions are Binary MIME and 8-bit MIME. 8-bit MIME content (for example, MIME attachments) is encoded with standard algorithms (Base64 or quoted-printable encoding) so that it can be sent through 7-bit email systems. Encoding can increase the size of files by as much as 40%. When you set the maximum email size, make sure you account for the size of encoded messages.

Set the maximum email line length to

To set the maximum line length for lines in an SMTP message, select this check box. In the adjacent text box that appears, type or select the length in bytes for each line in an email.

Very long line lengths can cause buffer overflows on some email systems. Most email clients and systems send short line lengths, but some web-based email systems send very long lines.

Set the maximum email header size to

To set the maximum size of the email header in an SMTP message, select this check box. In the adjacent text box that appears, type or select the maximum size for each email header in bytes.
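The size and count limits above can be tried against representative mail before you enable them. The following Python sketch is an added example, not WatchGuard code, and it shows a 90 KB file exceeding a 100 KB limit once Base64-encoded. The limit values, the 1 KB = 1024 bytes conversion, measuring the header as the whole header block, and the sample message are assumptions.

```python
from email.message import EmailMessage
from email.policy import SMTP

# Constructed limits for the settings described above (not product defaults).
LIMITS = {"max_rcpts": 50, "max_addr_bytes": 64, "max_kb": 100,
          "max_line_bytes": 1000, "max_header_bytes": 2000}

def build_message(attachment: bytes) -> bytes:
    """Serialize a constructed sample message with one Base64 attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Report attached.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename="report.bin")
    return msg.as_bytes(policy=SMTP)  # CRLF line endings, as on the wire

def check(rcpts, raw, lim=LIMITS):
    """Return (accepted, dropped, exceeded_settings) for one message."""
    accepted, dropped = rcpts[:lim["max_rcpts"]], rcpts[lim["max_rcpts"]:]
    header = raw.partition(b"\r\n\r\n")[0]   # assumption: whole header block
    exceeded = []
    if any(len(a.encode()) > lim["max_addr_bytes"] for a in rcpts):
        exceeded.append("address length")
    if len(raw) > lim["max_kb"] * 1024:      # assumption: 1 KB = 1024 bytes
        exceeded.append("email size")
    if max(len(line) for line in raw.split(b"\r\n")) > lim["max_line_bytes"]:
        exceeded.append("line length")
    if len(header) > lim["max_header_bytes"]:
        exceeded.append("header size")
    return accepted, dropped, exceeded

def growth(attachment: bytes) -> float:
    """Ratio of on-the-wire message size to raw attachment size."""
    return len(build_message(attachment)) / len(attachment)

if __name__ == "__main__":
    rcpts = [f"user{i}@example.com" for i in range(52)]
    payload = bytes(range(256)) * 360        # 90 KB file, under the 100 KB limit
    accepted, dropped, exceeded = check(rcpts, build_message(payload))
    print(len(accepted), dropped, exceeded, round(growth(payload), 2))
```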

Hide Email Server

You can replace MIME boundary and SMTP greeting strings in email messages. These are used by hackers to identify the SMTP server vendor and version.

To do this, select the Message ID and Server Replies check boxes.

If you have an email server and use the SMTP-Incoming proxy action, you can set the SMTP-proxy to replace the domain that appears in your SMTP server banner with a domain name you select.

  1. Select the Server Replies and Rewrite Banner Domain check boxes.
  2. In the Rewrite Banner Domain text box, type the domain name to use in your banner.

If you use the SMTP-Outgoing proxy action, you can set the SMTP-proxy to replace the domain shown in the HELO or EHLO greetings. A HELO or EHLO greeting is the first part of an SMTP transaction, when your email server announces itself to a receiving email server. To do this, select the Rewrite HELO Domain check box. In the Rewrite HELO Domain text box, type the domain name to use in your HELO or EHLO greeting.

Allow uuencoded attachments

To enable the SMTP-proxy to allow uuencoded attachments to email messages, select this check box. Uuencode is an older program used to send binary files in ASCII text format over the Internet. Uuencoded attachments can be security risks because they appear as ASCII text files but can actually contain executable files.
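To illustrate that risk, this added Python example (not part of the WatchGuard documentation) finds uuencoded blocks in a message body and checks whether the decoded content starts with an executable file signature. The function names and the sample body are constructed; the "MZ" sample is a fake header padded with zero bytes, not a program.

```python
import binascii
import re

# Leading bytes of common executable formats.
MAGIC = {b"MZ": "Windows executable", b"\x7fELF": "ELF executable"}
BEGIN = re.compile(r"^begin [0-7]{3,4} (.+)$")

def uuencode(data: bytes, name: str) -> str:
    """Build a uuencoded block (used here only to construct sample input)."""
    rows = [binascii.b2a_uu(data[i:i + 45]).decode("ascii")
            for i in range(0, len(data), 45)]
    return f"begin 644 {name}\n" + "".join(rows) + "`\nend\n"

def scan_body(body: str):
    """Return (filename, verdict) for every uuencoded block in a message body."""
    lines = body.splitlines()
    findings = []
    for i, line in enumerate(lines[:-1]):
        m = BEGIN.match(line)
        if not m:
            continue
        try:
            head = binascii.a2b_uu(lines[i + 1])   # first data row, 45 bytes at most
        except binascii.Error:
            findings.append((m.group(1), "undecodable"))
            continue
        verdict = next((label for sig, label in MAGIC.items()
                        if head.startswith(sig)), "no executable signature")
        findings.append((m.group(1), verdict))
    return findings

# Constructed sample: a fake 64-byte "MZ" header named like a text file,
# followed by a block that really is plain text.
SAMPLE_BODY = ("Please review the attached notes.\n\n"
               + uuencode(b"MZ\x90\x00" + bytes(60), "invoice.txt")
               + uuencode(b"Meeting moved to 10:00.\n", "notes.txt"))

if __name__ == "__main__":
    for name, verdict in scan_body(SAMPLE_BODY):
        print(f"{name}: {verdict}")
```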

Allow BinHex attachments

To enable the SMTP-proxy to allow BinHex attachments to email messages, select this check box. BinHex, which is short for binary-to-hexadecimal, is a utility that converts a file from binary to ASCII format.

Auto-block sources of invalid commands

To add senders of invalid SMTP commands to the Blocked Sites list, select this check box. An invalid SMTP command is a command that is not part of the RFC 821 SMTP specification. A sender can attack the SMTP server by sending the server invalid SMTP commands.

When this check box is selected, the SMTP-proxy adds sources to the Blocked Sites list after they send five or more invalid SMTP commands.
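The threshold described above, as an added Python illustration and not the Firebox implementation: it counts commands outside the RFC 821 set per source, ignores message text sent after DATA, and lists the sources that reach five. Accepting EHLO, tracking one session per source address, and the sample events are assumptions.

```python
from collections import Counter

# Commands defined in RFC 821. EHLO comes from the later ESMTP extensions and
# is accepted here as an assumption so ordinary ESMTP clients are not counted.
VALID = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "SEND", "SOML", "SAML",
         "VRFY", "EXPN", "HELP", "NOOP", "QUIT", "TURN", "EHLO"}
THRESHOLD = 5  # "five or more invalid SMTP commands"

def sources_to_block(events):
    """events: (source_ip, client_line) pairs in arrival order.
    Returns the sources that reach THRESHOLD, in the order they were blocked."""
    invalid = Counter()
    in_data = set()      # sources currently sending message content
    blocked = []
    for src, line in events:
        if src in blocked:
            continue                      # already on the list
        if src in in_data:                # message text is not a command
            if line == ".":
                in_data.discard(src)
            continue
        parts = line.split(None, 1)
        verb = parts[0].upper() if parts else ""
        if verb == "DATA":
            in_data.add(src)
        elif verb not in VALID:
            invalid[src] += 1
            if invalid[src] >= THRESHOLD:
                blocked.append(src)
    return blocked

# Constructed sample events (documentation address ranges).
normal = ["HELO mail.example.net", "MAIL FROM:<a@example.net>",
          "RCPT TO:<b@example.com>", "DATA"] + ["FOO bar"] * 6 + [".", "QUIT"]
SAMPLE = ([("203.0.113.7", "EHLO client")]
          + [("203.0.113.7", f"XCMD{i} test") for i in range(5)]
          + [("198.51.100.4", line) for line in normal]
          + [("192.0.2.9", "BOGUS")] * 4)

if __name__ == "__main__":
    print(sources_to_block(SAMPLE))
```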

Send a log message when an SMTP command is denied

To send a log message for connection requests that are denied by the SMTP-proxy, select this check box.

Enable logging for reports

To send a log message for each connection request through the SMTP-proxy, select this check box. To create accurate reports on SMTP traffic, you must select this check box.

Override the diagnostic log level for proxy policies that use this proxy action

To specify the diagnostic log level for all proxy policies that use this proxy action, select this check box. Then, from the Diagnostic log level for this proxy action drop-down list, select a log level:

  • Error
  • Warning
  • Information
  • Debug

The log level you select overrides the diagnostic log level that is configured for all log messages of this proxy policy type.

For more information about the diagnostic log level, go to Set the Diagnostic Log Level.
