Forum Discussion
Allow inbound email only for a specific Domain for SMTP VS- iRule?
Hello Folks,
Can anyone help me by sharing an iRule which only allows mail if the receiver email address contains my company name? Can I extract the RCPT details and allow / disallow based on the value match?
For example, abc.com and xyz.com should be allowed. The rest should be denied.
Thank you, Darshan
7 Replies
- Kevin_Stewart
Employee
Going out on a limb here, and this is completely untested, but based on the SMTPProxy iRule here:
https://devcentral.f5.com/wiki/iRules.SMTPProxy.ashx
I've made a small modification:
```tcl
when RULE_INIT {
    # user-defined: local mail domain
    set static::mydomain "@mydomain.com"
}
when CLIENT_ACCEPTED {
    set chelo ""
    set cfrom ""
    set crcpt ""
    TCP::respond "220\r\n"
    log local0. "client accepted"
    TCP::collect
}
when CLIENT_DATA {
    set cdata [TCP::payload]
    if { [ string length $cdata ] <= 0 } {
        return
    }
    if { not ( $cdata contains "\r\n" ) } {
        log local0. "get <$cdata> so far"
        return
    }
    if { $cdata starts_with "HELO" } {
        set chelo [TCP::payload]
        log local0. "get helo <$cdata>"
        TCP::respond "250 OK\r\n"
        TCP::payload replace 0 [string length $chelo] ""
        return
    }
    if { $cdata starts_with "MAIL FROM:" } {
        set cfrom [TCP::payload]
        log local0. "get from <$cfrom>"
        TCP::respond "250 OK\r\n"
        TCP::payload replace 0 [string length $cfrom] ""
        return
    }
    if { $cdata starts_with "RCPT TO:" } {
        set crcpt "$crcpt[TCP::payload]"
        log local0. "get rcpt <$crcpt>"
        # code inserted to validate receiver domain
        # (test the current RCPT TO line; $crcpt accumulates every recipient so far)
        if { not ( [string tolower $cdata] contains $static::mydomain ) } {
            # rcpt to domain does not match allowed
            reject
            return
        }
        TCP::respond "250 OK\r\n"
        TCP::payload replace 0 [string length [TCP::payload]] ""
        return
    }
    if { $cdata starts_with "DATA" } {
        log local0. "get data <$cdata>"
        # replay the buffered HELO / MAIL FROM / RCPT TO lines ahead of DATA
        TCP::payload replace 0 0 $chelo$cfrom$crcpt
    }
    log local0. "payload [TCP::payload]"
    TCP::release
    TCP::collect
}
when SERVER_CONNECTED {
    log "server connected"
    TCP::collect
}
when SERVER_DATA {
    set sdata [TCP::payload]
    if { $sdata starts_with "220" } {
        log local0. "get data <$sdata>"
        TCP::payload replace 0 [string length $sdata] ""
        return
    }
    if { $sdata contains "\r\n354 " } {
        log local0. "get data <$sdata>"
        TCP::payload replace 0 [string length $sdata] "354\r\n"
    }
    if { [ string length $sdata ] <= 0 } {
        return
    }
    log local0. "payload <[TCP::payload]>"
    TCP::release
    TCP::collect
}
when CLIENT_CLOSED {
    log local0. "client closed"
}
```
- swo0sh_gt_13163
Altostratus
Dear Kevin,
Thank you very much. Do you think the following smaller version would work to achieve the requirement? I made it before I received this one.
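```tcl
when CLIENT_ACCEPTED {
    set cto ""
    set cdata ""
    # start collecting so that CLIENT_DATA fires
    TCP::collect
}
when CLIENT_DATA {
    set cdata [TCP::payload]
    if { [string match -nocase "RCPT TO:*" $cdata] } {
        set cto [TCP::payload]
        # strip CR, LF and whitespace from the RCPT TO line
        set toaddrs [regsub -all \[\\r\\n\\s\] $cto ""]
        # keep what follows the first ":" (the address)
        set toaddrs [findstr $toaddrs ":" 1]
        # keep what follows "@", up to the closing ">" (the domain)
        set todomain [findstr $toaddrs "@" 1 ">"]
        if { [ class match $todomain equals "MailAddrList" ] } {
            log local0. "Email accepted based on the recipient email address"
        } else {
            # recipient domain is not in the MailAddrList data group
            drop
            return
        }
    }
    # pass the collected data to the server and keep collecting
    TCP::release
    TCP::collect
}
```
- Kevin_Stewart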
Employee
I can't test it, but the logic looks sound.
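As an added example (not code from any poster in this thread), the recipient check both iRules rely on can be done as an exact match on the parsed domain, since a substring test such as `contains "@mydomain.com"` also accepts a longer domain that merely begins with the allowed one. It is plain Tcl with no iRule commands so it can be tried in `tclsh`; the proc names, `allowed_domains` and the sample lines are constructed for illustration, and on BIG-IP the list lookup would be a `class match ... equals` against a data group as in the smaller iRule above.

```tcl
# Constructed allow-list, taken from the domains named in the question.
set allowed_domains {abc.com xyz.com}

# Return the lowercased domain of one "RCPT TO:" line, or "" if malformed.
proc rcpt_domain {line} {
    # Expect the forward-path in angle brackets: RCPT TO:<local@domain> [params]
    if {![regexp -nocase {^RCPT TO:\s*<([^<>\s]*)>} $line -> path]} {
        return ""
    }
    # Split on the LAST "@": a quoted local part may itself contain "@".
    set at [string last "@" $path]
    if {$at < 1} { return "" }
    set domain [string tolower [string range $path [expr {$at + 1}] end]]
    # Accept only letters, digits, hyphen and dot in the domain.
    if {![regexp {^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$} $domain]} { return "" }
    return $domain
}

# 1 if the line's recipient domain is exactly one of the allowed domains.
proc rcpt_allowed {line allowed} {
    set domain [rcpt_domain $line]
    return [expr {$domain ne "" && [lsearch -exact $allowed $domain] >= 0}]
}

# Constructed sample lines: two valid recipients, then cases a substring
# match would let through or that are malformed.
foreach line {
    "RCPT TO:<alice@abc.com>"
    "rcpt to:<Bob@XYZ.COM> NOTIFY=NEVER"
    "RCPT TO:<carol@abc.com.example.net>"
    "RCPT TO:<\"dave@abc.com\"@example.net>"
    "RCPT TO:<erin@example.org>"
    "RCPT TO:abc.com"
} {
    puts [format "%-45s %s" $line \
        [expr {[rcpt_allowed $line $allowed_domains] ? "allow" : "deny"}]]
}
```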
- swo0sh_gt_13163
Altostratus
Thanks Kevin!
- ebeng_278441
Altocumulus
And did the small one work for you?
- bsb
Nimbostratus
Could you please share the iRule code which would perform the task below?
I would have two pools.
Pool 1 should receive mails which are being sent to @firstdomain.com
Pool 2 should receive mails which are being sent to @seconddomain.com
- bsb
Nimbostratus
Could you please share the iRule code which would perform the task below?
I would have two pools, and need to forward traffic to either of the pools based on a specific domain.