Forum Discussion
george_daly_105
Nimbostratus
NimbostratusProblem with iRule to reject mail based on SMTP response
Trying (and failing) to get this iRule working. The aim is that when a client connects and the server response contains (or starts with) 554 the BigIP sends a message back to the client and drops the connection. Have applied this iRule to one of our SMTP virtuals but it isn't doing much.
Eventually we want to log the source IPs and then use that log to blackhole further connection attempts but at the moment I'm just trying to prove the basic concept works!
Newbie iRule:
when SERVER_CONNECTED {
TCP::collect 16
}
when SERVER_DATA {
set sdata [TCP::payload]
if { $sdata contains "554" } {
TCP::respond "550 Message Rejected - Too much spam\r\n"
TCP::release
TCP::close
drop
return
}
}
when SERVER_CLOSED {
TCP::release
}
Any suggestions much appreciated!!
Cheers,
George
george_daly_105Thanks Jo :-)
I've tried using the suggested code, still not working and no logfile is created in /var/log - where is the logfile supposed to be created?
Thanks,
George- george_daly_105Ah I can see the log entries in /var/log/ltm, cool.
Looks like our SMTP servers are replying with their HELO banner and the 554 response isn't generated until after the client sends RCPT_TO, I'll play with the iRule and update when its working.