THE_BLUE
Jun 28, 2021Cirrostratus
Solved
F5 and anti-spam
is there any policy in F5 that help me to filter mails and works as anti spam ? if yes then how can i configure it ? or it is require license ?
Dear Nikoolayy1,
the ip intelligence is already activated and I'm looking for extra layer. thanks a lot.
About the irule I don't think there is exactly what you are looking for but probably it could be written but it will take a lot of time to capture the traffic with TCP::collect and to match on the "From: user@domain.com" value in the emails but I admit don't have a use case to try do it. This is why I gave you the example with the iRule with smtp-filter-and-proxy.
For PTR if your device is not the DNS/GTM you may extract the needed value from the email payloadd and with the "RESOLV::lookup" to check it as I don't know if ''NAME::lookup'' supports PTR resolution:
https://clouddocs.f5.com/api/irules/resolv__lookup.html
https://clouddocs.f5.com/api/irules/NAME__lookup.html
A good note is you can use free feed lists as alternative to the F5 URLDB service for the SWG module like Minemelt if you have AFM you can add custom feed lists and if not you may check the tabul CVS importer iRule that I also use for some things.
https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/minemeld
https://devcentral.f5.com/s/articles/csv-tabular-data-sideband-importer
https://devcentral.f5.com/s/articles/populating-tables-with-csv-data-via-sideband-connections