Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks; it uses TCP to carry the e-mail data. SMTP relies on Mail Transfer Agents (MTAs) to deliver email messages to the intended recipient. A new email message created by an email application is first sent to the SMTP server configured for use by that email application.
The sending SMTP server, acting as an MTA, looks at the delivery address (e.g. a recipient at company.com) and determines the IP address of the SMTP server for "company.com". The sending MTA then transmits the email message to the receiving MTA using the SMTP protocol over TCP port 25. The SMTP server for "company.com" then stores the message for retrieval by its intended recipient.
If the email message or its payload contains something malicious that causes the DV filter to fire, the IPS "blocks" the TCP stream between the two MTAs. Unfortunately, this action blocks not only the offending email message but also all other messages pending delivery between the two MTAs, so all message traffic between them stops. This "block" action remains in effect until the specific filter is disabled or the offending email message is deleted at the sending MTA.
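The delivery path in the paragraphs above, and the effect of a stream-level block on it, as an added toy simulation (not code from the original article or from any IPS product): a sending MTA pushes its whole queue through one SMTP connection to the receiving MTA, and an inline inspection hook stands in for the DV filter. The marker string, the `permit`/`block` modes, the domain names and the message queue are all constructed for this example; the retry loop models the sending MTA trying again on a fresh connection and shows why the queue stays stuck until the offending message is removed at the sender.

```python
"""Toy SMTP session between two MTAs with an inline inspection hook standing in
for a DV filter.  The MTA, the signature and the domains are all constructed."""
from collections import namedtuple

MALICIOUS_MARKER = "X-TEST-MALICIOUS-PAYLOAD"   # constructed content signature
Message = namedtuple("Message", "sender recipient body")

class ReceivingMTA:
    """Server side of a minimal RFC 5321 session (EHLO/MAIL/RCPT/DATA)."""

    def __init__(self, domain):
        self.domain = domain
        self.mailbox = []      # (envelope, body) pairs accepted for local delivery
        self._env = None
        self._data = None      # body lines collected while inside DATA, else None

    def handle(self, line):
        if self._data is not None:                # inside DATA: collect until lone "."
            if line != ".":
                self._data.append(line)
                return None
            self.mailbox.append((self._env, "\n".join(self._data)))
            self._data = None
            return "250 OK: queued"
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            return f"250 mail.{self.domain}"
        if verb == "MAIL":                        # arg is FROM:<addr>
            self._env = {"from": arg[5:].strip("<>"), "to": []}
            return "250 OK"
        if verb == "RCPT":                        # arg is TO:<addr>; own domain only
            rcpt = arg[3:].strip("<>")
            if not rcpt.endswith("@" + self.domain):
                return "550 relaying denied"
            self._env["to"].append(rcpt)
            return "250 OK"
        if verb == "DATA":
            self._data = []
            return "354 End data with <CRLF>.<CRLF>"
        return "500 command unrecognized"

def run_session(queue, domain, ips_action="block"):
    """One TCP connection carries every queued message (RFC 5321 allows many
    transactions per connection); the IPS alerts ("permit") or cuts the stream ("block")."""
    server = ReceivingMTA(domain)
    res = {"delivered": [], "blocked": [], "alerts": [], "transcript": [f"S: 220 mail.{domain} ESMTP"]}
    stream_open = True

    def send(line):
        nonlocal stream_open
        res["transcript"].append("C: " + line)
        if MALICIOUS_MARKER in line:              # the "filter fires"
            res["alerts"].append(line)
            if ips_action == "block":
                stream_open = False
                res["transcript"].append("[IPS] filter fired: TCP stream blocked")
                return None
        reply = server.handle(line)
        if reply is not None:
            res["transcript"].append("S: " + reply)
        return reply

    send("EHLO mail.sender.example")
    for msg in queue:
        if not stream_open:                       # stream is gone: later messages never start
            res["blocked"].append(msg)
            continue
        send(f"MAIL FROM:<{msg.sender}>")
        send(f"RCPT TO:<{msg.recipient}>")
        send("DATA")
        for body_line in msg.body.splitlines():
            if not stream_open:
                break
            send(body_line)
        reply = send(".") if stream_open else None
        res["delivered" if reply and reply.startswith("250") else "blocked"].append(msg)
    return res

def drain_queue(queue, domain, ips_action="block", attempts=3):
    """Sending-MTA retry loop: delivered messages leave the queue, blocked ones are
    retried on a fresh connection.  Returns whatever is still stuck afterwards."""
    pending = list(queue)
    for _ in range(attempts):
        if not pending:
            break
        blocked = run_session(pending, domain, ips_action)["blocked"]
        pending = [m for m in pending if m in blocked]
    return pending

# Constructed queue at the sending MTA: the second message trips the signature.
QUEUE = [
    Message("alice@sender.example", "bob@company.com", "Subject: lunch\n\nNoon?"),
    Message("mallory@sender.example", "bob@company.com", "Subject: hi\n\n" + MALICIOUS_MARKER),
    Message("carol@sender.example", "dave@company.com", "Subject: report\n\nAttached."),
]
```

Running `run_session(QUEUE, "company.com", "block")` delivers only the first message; the second is cut off mid-DATA and the third never gets a chance, even though it is harmless. `drain_queue(QUEUE, "company.com")` shows that retries do not help, because each fresh connection hits the same filter on the same queued message, whereas `drain_queue` on a queue with the offending message removed empties completely.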
Email is considered by many to be a Mission Critical Application. Blocking all messages to or from an SMTP server can cause serious problems for network/security administrators. For this reason, it was decided that SMTP filters should NOT be set to "Recommended" (i.e. on by default), but should be explicitly enabled by the network/security administrators who are most knowledgeable about, and responsible for, the safe and efficient operation of the network.