For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Josh_Hildebran1's avatar
Josh_Hildebran1
Icon for Nimbostratus rankNimbostratus
Jul 11, 2006

SMTP EHLO response

I'd like to make an iRule that looks for a "EHLO " command and simply responds w/ a particular error message. I've tried to piece together something, but I've come up short, apparently. Can anyon...
application delivery
dev
devops
iRules
Josh_Hildebran1's avatar
Josh_Hildebran1
Icon for Nimbostratus rankNimbostratus
Jul 12, 2006
Hmm.. Thanks for the pointers. Unfortunately, it's still not doing what I need.

The goal is to hijack the TCP stream between a webserver that is behind the F5 (internal) as it communicates to an SMTP server that is external to the F5's.

The SMTP server is reached through a VIP on the F5:

virtual smtptest_from_internal {
   destination 172.20.140.26:smtp
   ip protocol tcp
   pool smtp_testpool
   rule FixUP-SMTP
   vlans internal enable
}

which uses the rule of


rule FixUP-SMTP {
  when CLIENT_ACCEPTED {
    TCP::collect}
  when CLIENT_DATA {
    if { [TCP::payload] contains "EHLO " } {
      TCP::respond "500 5.3.3 Unrecognized command\r\n"
      reject
    }
    TCP::release
  }
}

But when I connect to 172.20.140.26 on port 25, and issue the EHLO command this is what I get:

220 *********************************
EHLO EXDEMO
502 Error: command not implemented

Any other ideas?