For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Josh_Hildebran1's avatar
Josh_Hildebran1
Icon for Nimbostratus rankNimbostratus
Jul 11, 2006

SMTP EHLO response

I'd like to make an iRule that looks for a "EHLO " command and simply responds w/ a particular error message. I've tried to piece together something, but I've come up short, apparently. Can anyon...
application delivery
dev
devops
iRules
rapmaster_c_127's avatar
rapmaster_c_127
Historic F5 Account
Jul 13, 2006
Yes, I tested it. It's working here.

Here is the virtual server:


virtual vmail {
   destination 172.27.138.7:smtp
   snat automap
   ip protocol tcp
   pool mail
   rule muppet
}

Here is the rule:


rule muppet {
   when SERVER_CONNECTED {
        peer { TCP::collect 4 }
    }
    when CLIENT_DATA {
        if { [TCP::payload] starts_with "EHLO" } {
            TCP::respond "500 5.3.3 Unrecognized command\r\n"
            TCP::payload replace 0 [TCP::payload length] ""
        }
        TCP::release
    }
}

And here is the dry run:


Connected to acheron.pdsea.f5net.com (172.27.138.7).
Escape character is '^]'.
220 mail.internal Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at  Thu, 13 Jul 2006 11:29:26 -0700
EHLO foobar
500 5.3.3 Unrecognized command
HELO foobar
250 mail.internal Hello [172.27.138.6]
^]c
                                                                                     
Connection closed.

Have you associated the rule with the right virtual server?