Hi Tyson The police query was for SMTP only. Why should we inspect the SMTP traffic that should be just policed?
In the case of email with domain "king.com", the user ids will be like [email protected], [email protected]. Will "regex king "king.com", match the above user ids? With regards Kings On Tue, Jan 19, 2010 at 9:00 PM, Tyson Scott <[email protected]> wrote: > Kingsley, > > > > The problems with "regex "*king.com"" is that you will match viking.com, > stocking.com, ...king.com. The solution says to match on the specific > domain thus the solution is what is required. > > > > inspect is needed with the police action if you want to hold smtp to the > rules of the protocol without it, it will just be inspected as regular TCP > traffic. I am assuming it is smtp you are speaking of as I don't remember > the question off the top of my head. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Technical Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service > Provider) Certification Training with locations throughout the United > States, Europe and Australia. Be sure to check out our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kingsley Charles > *Sent:* Tuesday, January 19, 2010 8:01 AM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] Section 1.11 MPF > > > > Hi all > > > > The question says that SMTP should be checked for the domain. I have the > following questions: > > > > 1) Which domain is to be considered, the local domain or sender's domain. > If it is the local domain, then the following solution is correct: > > > > policy-map type inspect esmtp mail > parameters > mail-relay king.com action drop-connection > > > > 2)If we need match the domain in sender's address, isn't the following the > correct solution? > > > > > > regex king ".*king.com" > > > > policy-map type inspect esmtp mail > parameters > match sender-address regex king > reset > > > > > > *Solution given in the work book* > > > > > > regex king "king.com" > > > > policy-map type inspect esmtp mail > parameters > match sender-address regex king > reset > > > > > > > > > > With regards > > Kings >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
