Re: Only permit outbound SMTP traffic from Icewarp MailServer
Best Answer by CodeMonkey 2017/10/02 08:36:43
Here's an example of an SMTP session without encryption (or if encryption is enabled, after it is decrypted).
The server will send a packet banner in the beginning. If information about the mail server is not removed, that can be used as a pattern to identify in a signature.
If the mail server decides to remove the packet banner (a common move to avoid providing unnecessary detail about the server to anyone), the FortiGate will go further down and identify the session after the "HELO" or "EHLO" request. In this case, you can use the email address @xxxx.com to identify the mail server that you are using, e.g. icewarp.com.
E.g. custom app control signature:
F-SBID( --name "SMTP_Dot.Net"; --protocol tcp; --app_cat 21; --weight 20; --service SMTP; --flow from_server; --pattern "dotnetzone.com"; --context header; --no_case; )
Hope this helps.
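The matching order described in the answer above, as an added example that is not part of the original post and is not FortiGate's engine: it groups the server-side lines of an SMTP session into replies and reports whether a case-insensitive pattern (as with `--no_case`) is first seen in the banner or in the HELO/EHLO reply. The function names, the `example.test` domain and the session bytes are constructed for illustration, and it assumes HELO/EHLO is the client's first command.

```python
import re

# One server reply line: 3-digit code, '-' (more lines follow) or ' ' (last line), text.
REPLY_LINE = re.compile(rb"^(\d{3})([ -])(.*)$")

# Constructed server-to-client streams (not real captures).
BANNER_KEPT = (b"220 mail.example.test ESMTP IceWarp\r\n"
               b"250-mail.example.test Hello\r\n250-SIZE 10485760\r\n250 STARTTLS\r\n")
BANNER_STRIPPED = (b"220 ESMTP ready\r\n"
                   b"250-MAIL.Example.Test Hello\r\n250 STARTTLS\r\n")
OTHER_SERVER = b"220 ESMTP ready\r\n250 relay.invalid\r\n"


def parse_replies(stream: bytes):
    """Group server lines into (code, [text, ...]) replies, honouring 'NNN-' continuations."""
    replies, lines = [], []
    for raw in stream.split(b"\r\n"):
        m = REPLY_LINE.match(raw)
        if not m:
            continue  # skip blank or malformed lines
        lines.append(m.group(3).decode("ascii", "replace"))
        if m.group(2) == b" ":  # a space after the code ends the reply
            replies.append((int(m.group(1)), lines))
            lines = []
    return replies


def match_stage(stream: bytes, pattern: str):
    """Return 'banner', 'helo_reply' or None: where the pattern is first seen."""
    needle = pattern.lower()
    # First reply is the greeting banner, second answers HELO/EHLO (assumption above).
    for stage, (_code, lines) in zip(("banner", "helo_reply"), parse_replies(stream)):
        if any(needle in line.lower() for line in lines):
            return stage
    return None


if __name__ == "__main__":
    for name, stream in (("banner kept", BANNER_KEPT),
                         ("banner stripped", BANNER_STRIPPED),
                         ("other server", OTHER_SERVER)):
        print(name, "->", match_stage(stream, "example.test"))
```

Running a candidate pattern against captures of both the intended mail server and other SMTP servers in this way shows whether it is specific enough before it goes into a signature.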