Forum Discussion
jhanington_1353
May 20, 2014Nimbostratus
Need help blocking SMTP connections based off EHLO name
I keep getting attacked from this stupid spam bot script kiddie.
The script is going to our SMTP server and is trying to guess a bunch of typical email addresses but it also somehow got a hold o...
- May 20, 2014
Sorry, big oversight on my part. Try this one:
when CLIENT_ACCEPTED { TCP::respond "220\r\n" TCP::collect } when CLIENT_DATA { set clientpayload [string tolower[TCP::payload]] if { $clientpayload contains "ehlo abcd-pc" } { reject } }
Cory_50405
May 20, 2014Noctilucent
Sorry, big oversight on my part. Try this one:
when CLIENT_ACCEPTED {
TCP::respond "220\r\n"
TCP::collect
}
when CLIENT_DATA {
set clientpayload [string tolower[TCP::payload]]
if { $clientpayload contains "ehlo abcd-pc" } {
reject
}
}
- jhanington_1353May 20, 2014NimbostratusPerfect. Now I just have to figure out how to get devices that don't say "ehlo abcd-pc" to connect. Would I just write this.... ~~~ when CLIENT_DATA { set clientpayload [string tolower[TCP::payload]] if { $clientpayload contains "ehlo abcd-pc" } { reject } else { TCP::release } } ~~~
- Cory_50405May 20, 2014NoctilucentI think this should work.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects