This implementation describes how to secure SMTP traffic using system defaults. When you create
an SMTP security profile, the BIG-IP®
Protocol Security Manager™ provides several security checks for requests sent
to a protected SMTP server. When you enable a security check, the system either generates an
alarm for, or blocks, any requests that trigger the security check.
You can configure the Protocol Security Manager to perform the following checks:
- Verify SMTP protocol compliance as defined in RFC 2821.
- Validate incoming mail using several criteria.
- Inspect email and attachments for viruses.
- Apply rate limits to the number of messages.
- Validate DNS SPF records.
- Prevent directory harvesting attacks.
- Disallow or allow some of the SMTP methods, such as VRFY, EXPN, and ETRN, that spam senders
typically use to attack mail servers.
- Reject the first message from a sender, because legitimate senders retry sending the message,
and spam senders typically do not. This process is known as greylisting. The system
does not reject subsequent messages from the same sender to the same recipient.
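The greylisting decision described in the last item, sketched as an added Python example (not code from the BIG-IP system or its documentation). The 451 reply code, the `min_delay` and `max_age` settings, and all addresses are assumptions of this example. It goes slightly beyond the page by requiring a minimum wait before a retry is accepted. Setting `min_delay=0` gives exactly the behaviour stated above.

```python
import time

class Greylist:
    """Greylisting keyed on the (sender, recipient) pair, as the page describes."""
    def __init__(self, min_delay=300, max_age=86400, clock=time.time):
        self.min_delay = min_delay  # assumption: seconds before a retry is accepted
        self.max_age = max_age      # assumption: lifetime of an unconfirmed entry
        self.clock = clock
        self.first_seen = {}        # pair -> time of first deferred attempt
        self.passed = set()         # pairs that retried successfully

    def check(self, sender, recipient):
        """Return the (code, text) reply to give at RCPT TO."""
        # Lowercasing the whole address is a simplification for this example.
        key = (sender.strip().lower(), recipient.strip().lower())
        now = self.clock()
        if key in self.passed:
            return (250, "OK")
        seen = self.first_seen.get(key)
        if seen is None or now - seen > self.max_age:
            # First attempt or stale entry: temporary failure, so a
            # standards-following MTA queues the message and retries.
            self.first_seen[key] = now
            return (451, "Greylisted, try again later")
        if now - seen < self.min_delay:
            return (451, "Greylisted, try again later")  # too soon; timer not reset
        del self.first_seen[key]
        self.passed.add(key)
        return (250, "OK")

def replay(attempts, **kw):
    """Replay (time, sender, recipient) attempts; return the reply codes."""
    t = [0]
    gl = Greylist(clock=lambda: t[0], **kw)
    codes = []
    for when, sender, rcpt in attempts:
        t[0] = when
        codes.append(gl.check(sender, rcpt)[0])
    return codes

# Constructed sample traffic: one sender that retries, one that never does.
SAMPLE = [
    (0,   "alice@example.org", "bob@example.net"),    # first attempt
    (10,  "bulk@example.com",  "bob@example.net"),    # never retried
    (30,  "alice@example.org", "bob@example.net"),    # retry inside min_delay
    (600, "alice@example.org", "bob@example.net"),    # retry after min_delay
    (700, "Alice@Example.org", "bob@example.net"),    # later mail, same pair
    (800, "alice@example.org", "carol@example.net"),  # new recipient, new pair
]
```

`replay(SAMPLE)` returns the reply code for each attempt in order, which shows that a known sender is deferred again when writing to a new recipient.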