Yes, I tested it. It's working here.
Here is the virtual server:
virtual vmail {
destination 172.27.138.7:smtp
snat automap
ip protocol tcp
pool mail
rule muppet
}
Here is the rule:
rule muppet {
when SERVER_CONNECTED {
peer { TCP::collect 4 }
}
when CLIENT_DATA {
if { [TCP::payload] starts_with "EHLO" } {
TCP::respond "500 5.3.3 Unrecognized command\r\n"
TCP::payload replace 0 [TCP::payload length] ""
}
TCP::release
}
}
And here is the dry run:
Connected to acheron.pdsea.f5net.com (172.27.138.7).
Escape character is '^]'.
220 mail.internal Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Thu, 13 Jul 2006 11:29:26 -0700
EHLO foobar
500 5.3.3 Unrecognized command
HELO foobar
250 mail.internal Hello [172.27.138.6]
^]c
Connection closed.
Have you associated the rule with the right virtual server?