Forum Discussion
Jon_Strabala_46
Nimbostratus
NimbostratusSMTPproxy example does not work (at least for outlook express)
Hello,
I have tried to run the SMTPproxy example at http://devcentral.f5.com/wiki/default.aspx/iRules/SMTPProxy.html and it almost works but seems to just hang until I manually terminate the client connection or a two minute timeout occurs when sending E-mail via Outlook Express via port 25 to a sendmail server. Not without the I rule the virtual server I set up for SMTP works fine. Note the SMTPproxy is also a default in the iRULE editor on the LTM
Any ideas on what is happening here (Note, the protocol seems to use HELO and so does the iRULE) ? I haven't looked on the wire yet but eventually I will via something like wireshark
- Jon
When I ran code form the sample in my iRULE attached to my virtual server I got the following /var/log/ltm messages
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : 220 BIG-IP SMTP PROXY;
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) HELO SLINKYMALL
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : get helo
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(HELO)
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) MAIL FROM:
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : get from >
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(MAILFROM)
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) RCPT TO:
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : get rcpt >
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(RCPTTO)
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) DATA
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : get data
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(2) HELO SLINKYMALL MAIL FROM: RCPT TO: DATA
May 13 08:10:41 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) <220 pls.mailserivce.com ESMTP server ready at Thu, 13 May 2010 11:06:54 -0700 (PDT) (qsi-v5) 250 pls.mailserivce.com Hello 123-47-61-225.static.btelecom.net [123.47.61.225], pleased to meet you 250 2.1.0 ... Sender ok 250 2.1.5 ... Recipient ok 354 Enter mail, end with "." on a line by itself >
May 13 08:10:41 local/tmm info tmm[1350]: Rule smtp_proxy : get data 220 <220 pls.mailserivce.com ESMTP server ready at Thu, 13 May 2010 11:06:54 -0700 (PDT) (qsi-v5) 250 pls.mailserivce.com Hello 123-47-61-225.static.btelecom.net [123.47.61.225], pleased to meet you 250 2.1.0 ... Sender ok 250 2.1.5 ... Recipient ok 354 Enter mail, end with "." on a line by itself >
** just hangs for two minutes **
May 13 08:12:42 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) <421 4.4.1 collect: unexpected close on connection from 123-47-61-225.static.btelecom.net, from= >
---------------------------
Why I want to do this
I wish to implement via iRULEs a "teergube" (definition below), which would do the following (currently I do not know to correct why to "pause", "delay" or "block" to slow down the data transfer).
c) inspect the SMTP data and for connection inspect the payload such that
each time match the following HELO or EHELO (pipelining) I could be smart
about injected delays and prevent 'spammers' from hogging bandwidth. As an
example.
1. if { [string match -nocase "MAIL FROM:*" [TCP::payload]] } {
block or pause the connection a fixed finite delay like 200ms
on occurrence 2-N this lets the first message go fast.
2. if { [string match -nocase "RCPT TO:*" [TCP::payload]] } {
block or pause the connection a fixed finite delay like 100ms
on occurrence 4-N this lets the first message go fast to a
limited number of users.
Thanks in Advance
Other
Information about what a "teergube" is - basically it seems like a way to "slow" done spammers and tie up their resources while eliminating spam:
http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html
http://serverfault.com/questions/60141/is-there-any-point-to-teergrubing-anymore
HamishCirrocumulus
Can you post your iRule?
H