
Manual Chapter: Securing SMTP Traffic Using the Default System Configuration

Overview: Securing SMTP traffic using system defaults

This implementation describes how to secure SMTP traffic using system defaults. When you create an SMTP security profile, the BIG-IP® Protocol Security Module™ provides several security checks for requests sent to a protected SMTP server. When you enable a security check, the system either generates an alarm for, or blocks, any requests that trigger the security check.

You can configure the Protocol Security Module to perform the following checks:

  • Verify SMTP protocol compliance as defined in RFC 2821.
  • Validate incoming mail using several criteria.
  • Inspect email and attachments for viruses.
  • Apply rate limits to the number of messages.
  • Validate DNS SPF records.
  • Prevent directory harvesting attacks.
  • Disallow or allow some of the SMTP methods, such as VRFY, EXPN, and ETRN, that spam senders typically use to attack mail servers.
  • Reject the first message from a sender, because legitimate senders retry sending the message, and spam senders typically do not. This process is known as greylisting. The system does not reject subsequent messages from the same sender to the same recipient.
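The method filtering and greylisting checks from the list above, sketched as an added Python example; this is not F5 code and does not show how the Protocol Security Module implements them. The class and function names, the reply codes, and the sample addresses are assumptions constructed for illustration.

```python
DISALLOWED_METHODS = {"VRFY", "EXPN", "ETRN"}  # methods named in the list above


def addr_key(text):
    """Normalise '<User@Example.com> SIZE=1' to 'user@example.com' (simplified)."""
    return (text.split() or [""])[0].strip("<>").lower()


class SmtpPolicy:
    """Hypothetical policy object; reply codes are illustrative assumptions."""

    def __init__(self, disallowed=DISALLOWED_METHODS):
        self.disallowed = set(disallowed)
        self.seen_pairs = set()   # (sender, recipient) pairs already rejected once
        self.violations = []      # what an enabled Alarm flag would log

    def handle(self, session):
        """Return one reply per command line of a single SMTP session."""
        sender, replies = None, []
        for line in session:
            verb, _, arg = line.strip().partition(" ")
            verb = verb.upper()
            if verb in self.disallowed:
                self.violations.append(("method", line))
                replies.append("502 Command disabled")
            elif verb == "MAIL" and arg.upper().startswith("FROM:"):
                sender = addr_key(arg[5:])
                replies.append("250 OK")
            elif verb == "RCPT" and arg.upper().startswith("TO:"):
                if sender is None:           # RCPT without a preceding MAIL
                    replies.append("503 Bad sequence of commands")
                else:
                    replies.append(self.greylist(sender, addr_key(arg[3:])))
            else:
                replies.append("250 OK")     # other commands pass in this sketch
        return replies

    def greylist(self, sender, recipient):
        pair = (sender, recipient)
        if pair in self.seen_pairs:
            return "250 OK"                  # retry: same sender, same recipient
        self.seen_pairs.add(pair)
        self.violations.append(("greylist", pair))
        return "451 Try again later"         # temporary failure invites a retry
```

A sender that retries the same recipient is accepted on the second attempt, while the same sender writing to a new recipient is greylisted again, because the key is the sender and recipient pair.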

Task Summary

Creating an SMTP service profile with security enabled

Use this procedure to enable protocol security for the system-supplied SMTP service profile.
  1. On the Main tab, click Local Traffic > Profiles > Services > SMTP. The SMTP profile list screen opens.
  2. In the Name column, click smtp. The Properties screen for the system-supplied SMTP profile opens.
  3. Select the Protocol Security check box to enable SMTP security checks.
  4. Click Update.

Reviewing violations statistics for security profiles

The Protocol Security Module provides statistics and transaction information for each security profile that triggers any of the security violations defined by its service profile. If you enable the Alarm flag for a violation and incoming traffic triggers the violation, the Protocol Security Module logs the request, which you can review on the Statistics screen of the Protocol Security Module. If you enable the Block flag for any of the violations, the Protocol Security Module blocks the request.
  1. On the Main tab, click Protocol Security > Statistics. The Protocol Statistics screen opens, listing all violations, organized by protocol, with the number of occurrences.
  2. If you have a Support ID, enter it to filter the violations and view one in particular.
  3. Click a violation's hyperlink to see details about the requests causing the violation. On the Statistics screen, in the left column, you can review information regarding the traffic volume for each security profile configured.