bman_12685
Jun 01, 2012 Nimbostratus
smtp irule for access control
Hello,
I am trying to preserve the source IP information so that existing SMTP rules and greylists continue to work, but ensure fault tolerance by placing SMTP servers behind an F5 VIP. I have a test pair of F5s and have tried the following:
Set up a VIP with the iRule posted below:
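when CLIENT_ACCEPTED {
    # Send clients whose source address is in the smtp_relay_allowed
    # data group to the mail pool; reject everything else.
    if { [matchclass [IP::remote_addr] equals smtp_relay_allowed] } {
        pool mail_pool
    } else {
        reject
    }
}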
The part that says "equals smtp_relay_allowed" is a data group list which has the IP ranges for some of my networks.
The behavior is that it is simply rejecting connections when the iRule is in place if a telnet connection is issued to the LB. This would seem to be in line with the rule, since it would connect to the LB and then, since it has the src IP of the LB, reject the connection. However, is there a way to verify this? Is this type of rule being used, or is there a better way?
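One way to verify which source address the virtual server evaluates is to log it next to the allow/reject decision. This is an added example, not part of the original post; it assumes BIG-IP v10 or later (for `class match`) and reuses the post's `smtp_relay_allowed` data group and `mail_pool` pool.

```tcl
# Added example (not from the original post).
# Assumes BIG-IP v10+ so that "class match" is available, and that
# smtp_relay_allowed is an address-type data group as described in the post.
when CLIENT_ACCEPTED {
    # Client-side source address and port as seen by the virtual server
    set src   [IP::client_addr]
    set sport [TCP::client_port]

    # Destination the client connected to (the VIP), for correlation
    set dst "[IP::local_addr]:[TCP::local_port]"

    if { [class match $src equals smtp_relay_allowed] } {
        log local0.info "smtp acl: ALLOW $src:$sport -> $dst on [virtual name]"
        pool mail_pool
    } else {
        log local0.info "smtp acl: REJECT $src:$sport -> $dst on [virtual name]"
        reject
    }
}
```

The messages are written to /var/log/ltm on the BIG-IP; per-connection logging is meant for the test pair and should be removed or rate-limited before production use.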