Russell_77729
May 22, 2012

SMTP relay

I have three SMTP servers to load balance and I want to create an iRule to restrict SMTP access at the F5 instead of having to maintain the relay list on all three servers. I have looked at the codeshare but none of them really address this. Any help or guidance would be appreciated.

 

  • Hi Russell,

    I am guessing that you want to restrict them by IP address or subnet? You could use a matchclass if you are using BIG-IP v9.x.x or earlier, or class match if you are using v10.0.0 or later.

    You simply create an iRule Datagroup and allow or deny based on the contents of the Datagroup.

    Example:

    
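    when CLIENT_ACCEPTED {
       # allowednetworks is the data group holding the permitted client addresses/subnets
       if { [class match [IP::client_addr] equals allowednetworks] } {
           # Client is on the list: send the connection to the SMTP pool
           pool matching.pool.name
       }
    }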
    

    Hope this helps.
  • The question I have for this is how to test this. I have implemented a similar ruleset along with first setting the SMTP proxy, yet a manual test by telnetting to port 25 is rejected; as such I'm hesitant to put this rule into production.

    Ideas?
  •
    Richard__Harlan
    Historic F5 Account
    An easy way to test: instead of the reject command, you can log if you would have rejected the traffic. If you keep the rules on the servers during this time, you should have a list of what the LTM would have rejected.
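
The log-before-reject approach from the last reply, written out as an added example (not code posted by anyone in the thread). It assumes BIG-IP v10 or later, reuses the `allowednetworks` data group and `matching.pool.name` pool from the earlier reply, and introduces a hypothetical switch variable `static::smtp_relay_dry_run`.

```tcl
# Added example, not from the thread.
# Assumptions: allowednetworks is an address-type data group; matching.pool.name
# is the SMTP pool; static::smtp_relay_dry_run is a hypothetical name chosen here.
when RULE_INIT {
    # 1 = trial mode: log what would be rejected, reject nothing
    # 0 = enforce: clients not in the data group are rejected
    set static::smtp_relay_dry_run 1
}

when CLIENT_ACCEPTED {
    # Client is on the allow list: load balance as normal
    if { [class match [IP::client_addr] equals allowednetworks] } {
        pool matching.pool.name
        return
    }

    if { $static::smtp_relay_dry_run } {
        # Trial mode: record the would-be rejection, then pass the connection
        # through so the relay lists still configured on the servers decide
        log local0.notice "SMTP relay dry-run: would reject [IP::client_addr] on [virtual name]"
        pool matching.pool.name
    } else {
        # Enforcing: log and drop the connection at the LTM
        log local0.notice "SMTP relay: rejected [IP::client_addr] on [virtual name]"
        reject
    }
}
```

The log entries are written to /var/log/ltm. Once every address logged in trial mode is either expected or has been added to the data group, set the switch to 0.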