Why are SMTP Filters not set to Recommended?

    • Updated: 4 Oct 2017
    • Product/Version:
    • TippingPoint IPS N-series All
    • TippingPoint IPS NX-series All
    • TippingPoint IPS S-series All
    • TippingPoint NGFW All
    • TippingPoint SMS All
    • TippingPoint TPS All
    • TippingPoint Virtual SMS
    • TippingPoint Virtual TPS All
Summary
Many customers have asked why the TippingPoint SMTP DV filters are not set to a category action of "Recommended". "Recommended" filters (for the most part) are enabled by default to an action set of "Block/--" or "Block/Notify". Under normal circumstances, this "block" action is the desired outcome; however, with SMTP communications, this "block" action can have undesired consequences.
Details

Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks; it uses TCP to deliver e-mail data. SMTP relies on Mail Transfer Agents (MTAs) to deliver email messages to the intended recipient. A new email message created by an email application is first sent to the SMTP server that the application is configured to use.

The sending SMTP server, acting as an MTA, looks at the delivery address (e.g. vip@company.com) and determines the IP address of the SMTP server for "company.com". The sending MTA then sends the email message to the receiving MTA using the SMTP protocol, again using port 25. The SMTP server for "company.com" then stores the message for retrieval by its intended recipient.

If the email message or its payload contains something malicious that causes a DV filter to fire, the IPS will "block" the TCP stream between the MTAs. Unfortunately, this blocks not only the offending email message but also all other messages pending delivery between the two MTAs, so all message traffic between them stops. The "block" remains in effect until the specific filter is disabled or the offending email message is deleted at the sending MTA.
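As an added example (not part of the original article and not Trend Micro code), one way to find the message that keeps tripping a blocking SMTP filter is to scan the sending MTA's log for a queue ID that repeatedly fails mid-body toward the same relay. It assumes Postfix-style log lines on the sending MTA; the sample lines, hosts, queue IDs and the `min_repeats` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtp-client log style (assumption: the
# sending MTA is Postfix; hosts, addresses and queue IDs are made up).
SAMPLE_LOG = """\
Oct  4 10:00:31 mta1 postfix/smtp[2101]: 4A1B2C3D4E: to=<vip@company.com>, relay=mx.company.com[192.0.2.25]:25, delay=31, delays=0.1/0/0.4/30, dsn=4.4.2, status=deferred (lost connection with mx.company.com[192.0.2.25] while sending message body)
Oct  4 10:00:40 mta1 postfix/smtp[2102]: 5F6A7B8C9D: to=<ops@partner.example>, relay=mx.partner.example[198.51.100.7]:25, delay=9, delays=0.1/0/0.3/8.6, dsn=4.4.2, status=deferred (lost connection with mx.partner.example[198.51.100.7] while sending message body)
Oct  4 10:05:32 mta1 postfix/smtp[2110]: 4A1B2C3D4E: to=<vip@company.com>, relay=mx.company.com[192.0.2.25]:25, delay=332, delays=301/0/0.4/30, dsn=4.4.2, status=deferred (conversation with mx.company.com[192.0.2.25] timed out while sending message body)
Oct  4 10:05:41 mta1 postfix/smtp[2111]: 5F6A7B8C9D: to=<ops@partner.example>, relay=mx.partner.example[198.51.100.7]:25, delay=310, delays=309/0/0.3/0.7, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F8E7D6C5B)
Oct  4 10:15:33 mta1 postfix/smtp[2140]: 4A1B2C3D4E: to=<vip@company.com>, relay=mx.company.com[192.0.2.25]:25, delay=933, delays=902/0/0.4/30, dsn=4.4.2, status=deferred (lost connection with mx.company.com[192.0.2.25] while sending message body)
"""

LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>]*>, "
    r"relay=(?P<relay>[^,\[]+)\[[^\]]+\]:25, .*status=(?P<status>\w+) \((?P<reason>.*)\)$"
)
# Failures that occur after the message data starts flowing, which is where an
# inline content filter would cut the stream.
STALL_RE = re.compile(
    r"(lost connection with .+|conversation with .+ timed out) while sending message body"
)

def find_stalled(log_text, min_repeats=3):
    """Return {relay: [queue IDs]} for messages that keep failing mid-body."""
    hits = defaultdict(int)  # (relay, queue ID) -> count of mid-body failures
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["relay"], m["qid"])
        if m["status"] == "sent":
            hits.pop(key, None)  # delivered on a later attempt: transient, not stuck
        elif m["status"] == "deferred" and STALL_RE.search(m["reason"]):
            hits[key] += 1
    suspects = defaultdict(list)
    for (relay, qid), count in hits.items():
        if count >= min_repeats:
            suspects[relay].append(qid)
    return dict(suspects)

if __name__ == "__main__":
    print(find_stalled(SAMPLE_LOG))
```
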

Email is considered by many to be a mission-critical application. Blocking all messages from or to an SMTP server can cause serious problems for Network/Security administrators. For this reason, it was decided that SMTP filters should NOT be set to "Recommended" (i.e. on by default), but should be explicitly enabled by the Network/Security administrators, who are the most knowledgeable about and responsible for the safe and efficient operation of the network.

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000091070