This implementation describes how to secure SMTP traffic using system defaults. When you create
an SMTP security profile, the BIG-IP Advanced Firewall Manager (AFM) provides several security
checks for requests sent to a protected SMTP server. When you enable a security check, the system
either generates an alarm for, or blocks, any requests that trigger the security check.
You can configure the SMTP security profile to include the following checks:
- Verify SMTP protocol compliance, as defined in RFC 2821.
- Validate incoming mail using several criteria.
- Inspect email and attachments for viruses.
- Apply rate limits to the number of messages.
- Validate DNS SPF records.
- Prevent directory harvesting attacks.
- Disallow or allow some of the SMTP methods, such as VRFY, EXPN, and ETRN, that spam senders
typically use to attack mail servers.
- Reject the first message from a sender, because legitimate senders retry sending the message,
and spam senders typically do not. This process is known as greylisting. The system
does not reject subsequent messages from the same sender to the same recipient.
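
The greylisting decision described in the last item can be modeled as follows. This is an added illustration, not BIG-IP AFM code or configuration: the `Greylist` class, the reply strings, the `min_delay` and `ttl` parameters, and the sample traffic are all assumptions made for the example.

```python
import time

TEMPFAIL = "451 4.7.1 Greylisted, retry later"   # temporary rejection
ACCEPT = "250 2.0.0 OK"

class Greylist:
    """Greylist keyed on (envelope sender, envelope recipient), as in the text."""
    def __init__(self, min_delay=300, ttl=30 * 86400, clock=time.time):
        self.min_delay = min_delay  # assumption: seconds before a retry counts
        self.ttl = ttl              # assumption: idle seconds before a pair is forgotten
        self.clock = clock
        self.seen = {}              # (sender, rcpt) -> [first_attempt, last_attempt]

    @staticmethod
    def _key(sender, rcpt):
        # Simplification: compare whole addresses case-insensitively.
        return (sender.strip().lower(), rcpt.strip().lower())

    def check(self, sender, rcpt):
        now = self.clock()
        key = self._key(sender, rcpt)
        entry = self.seen.get(key)
        if entry is None or now - entry[1] > self.ttl:
            self.seen[key] = [now, now]   # first contact: remember and defer
            return TEMPFAIL
        entry[1] = now
        if now - entry[0] < self.min_delay:
            return TEMPFAIL               # retried too quickly to count
        return ACCEPT

def replay(attempts, **kwargs):
    """Run (time, sender, rcpt) tuples through a fresh greylist."""
    now = [0]
    gl = Greylist(clock=lambda: now[0], **kwargs)
    decisions = []
    for t, sender, rcpt in attempts:
        now[0] = t
        decisions.append(gl.check(sender, rcpt))
    return decisions

# Constructed sample traffic (not real logs).
SAMPLE = [
    (0,    "alice@example.org",  "bob@example.net"),
    (5,    "promo@bulk.example", "bob@example.net"),
    (60,   "alice@example.org",  "bob@example.net"),
    (900,  "alice@example.org",  "bob@example.net"),
    (960,  "Alice@Example.org",  "bob@example.net"),
    (1000, "alice@example.org",  "carol@example.net"),
]
```

Calling `replay(SAMPLE)` shows the sender that never retries staying deferred, while the retrying sender is accepted for the same recipient and deferred again for a new one.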