Forum Discussion
jhanington_1353
May 20, 2014Nimbostratus
Need help blocking SMTP connections based off EHLO name
I keep getting attacked from this stupid spam bot script kiddie.
The script is going to our SMTP server and is trying to guess a bunch of typical email addresses but it also somehow got a hold o...
- May 20, 2014
Sorry, big oversight on my part. Try this one:
when CLIENT_ACCEPTED { TCP::respond "220\r\n" TCP::collect } when CLIENT_DATA { set clientpayload [string tolower[TCP::payload]] if { $clientpayload contains "ehlo abcd-pc" } { reject } }
Cory_50405
Noctilucent
Sorry, big oversight on my part. Try this one:
when CLIENT_ACCEPTED {
TCP::respond "220\r\n"
TCP::collect
}
when CLIENT_DATA {
set clientpayload [string tolower[TCP::payload]]
if { $clientpayload contains "ehlo abcd-pc" } {
reject
}
}
jhanington_1353
May 20, 2014Nimbostratus
Perfect. Now I just have to figure out how to get devices that don't say "ehlo abcd-pc" to connect.
Would I just write this....
~~~
when CLIENT_DATA {
set clientpayload [string tolower[TCP::payload]]
if { $clientpayload contains "ehlo abcd-pc" } {
reject
} else {
TCP::release
}
}
~~~
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects