Forum Discussion

jhanington_1353's avatar
jhanington_1353
Icon for Nimbostratus rankNimbostratus
May 20, 2014

Need help blocking SMTP connections based off EHLO name

I keep getting attacked from this stupid spam bot script kiddie.   The script is going to our SMTP server and is trying to guess a bunch of typical email addresses but it also somehow got a hold o...
application delivery
devops
iRules
LTM
  • Cory_50405's avatar
    Cory_50405
    May 20, 2014

    Sorry, big oversight on my part. Try this one:

    when CLIENT_ACCEPTED {
 TCP::respond "220\r\n"
 TCP::collect
 }

when CLIENT_DATA {
 set clientpayload [string tolower[TCP::payload]]
 if { $clientpayload contains "ehlo abcd-pc" } {
  reject
 }
}
Cory_50405's avatar
Cory_50405
Icon for Noctilucent rankNoctilucent

Sorry, big oversight on my part. Try this one:

when CLIENT_ACCEPTED {
 TCP::respond "220\r\n"
 TCP::collect
 }

when CLIENT_DATA {
 set clientpayload [string tolower[TCP::payload]]
 if { $clientpayload contains "ehlo abcd-pc" } {
  reject
 }
}
Cory_50405's avatar
Cory_50405
Icon for Noctilucent rankNoctilucent
May 20, 2014
I think this should work.