28-Jun-2021 00:18
Is there any policy in F5 that helps me filter mail and works as anti-spam? If yes, how can I configure it? Or does it require a license?
01-Jul-2021 02:04 - last edited on 24-Mar-2022 01:26 by li-migration
Provided what you are looking for under:
28-Jun-2021 00:58
I don't think so. The only feature that can help a little is IP Intelligence, as it will block bad source IP addresses from bad domains.
https://clouddocs.f5.com/api/irules/IP-reputation.html
F5 had an MSM module, but that was a long time ago:
https://www.f5.com/content/dam/f5/corp/global/pdf/white-papers/msm-wp.pdf
28-Jun-2021 01:01
Dear Nikoolayy1,
IP Intelligence is already activated and I'm looking for an extra layer. Thanks a lot.
28-Jun-2021 01:09
If you don't want to buy another device, you may consider SMTP relay services like SendGrid etc. that are cloud-based offerings. Symantec even has Email Security.cloud, but from the F5 point of view I think that they have given up on this market:
28-Jun-2021 11:09
Also, I just remembered that you can use the URLDB for the SWG module to filter based on FQDN/domain names:
https://devcentral.f5.com/s/question/0D51T00008GXZw0/is-there-f5-ip-intelligence-based-on-domainfqdn-domain-intelligence
Still, you will need to see if you can do this for the SMTP traffic, and it will be hard work and maybe not worth the effort:
https://devcentral.f5.com/s/articles/smtp-filter-and-forward-proxy
28-Jun-2021 22:30
So does that mean I can create a data group containing all blacklisted domains, then create an iRule to check the blacklisted domains, and it will be assigned to the email VS?!
How do I write the iRule?
28-Jun-2021 22:46
And is it possible to check PTR using an iRule?
29-Jun-2021 00:56
About the iRule, I don't think there is exactly what you are looking for. It could probably be written, but it will take a lot of time to capture the traffic with TCP::collect and to match on the "From: user@domain.com" value in the emails, and I admit I don't have a use case to try it. This is why I gave you the example with the smtp-filter-and-proxy iRule.
For PTR, if your device is not the DNS/GTM, you may extract the needed value from the email payload and use "RESOLV::lookup" to check it, as I don't know if "NAME::lookup" supports PTR resolution:
https://clouddocs.f5.com/api/irules/resolv__lookup.html
https://clouddocs.f5.com/api/irules/NAME__lookup.html
A good note is that you can use free feed lists like MineMeld as an alternative to the F5 URLDB service for the SWG module. If you have AFM you can add custom feed lists, and if not you may check the tabular CSV importer iRule that I also use for some things.
https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/minemeld
https://devcentral.f5.com/s/articles/csv-tabular-data-sideband-importer
https://devcentral.f5.com/s/articles/populating-tables-with-csv-data-via-sideband-connections
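The checks discussed in this exchange (sender domain against a blocklist, plus a PTR check), modelled in Python as an added example; it is not part of the original posts and is not an iRule. The session bytes, blocklist, function names and injected resolver callables are constructed assumptions; on a BIG-IP the list would sit in a data group and the lookups would go through the DNS commands linked above.

```python
import re

# Constructed sample data; in the thread this list would live in an F5 data group.
BLOCKED_DOMAINS = {"spam.example", "bulk-mailer.test"}

# Constructed client side of an SMTP session, as a payload collector would see it.
SAMPLE_SESSION = (
    b"EHLO mail.spam.example\r\n"
    b"MAIL FROM:<Offers@News.Spam.Example> SIZE=512\r\n"
    b"RCPT TO:<user@corp.example>\r\n"
    b"DATA\r\n"
    b"From: \"Support\" <help@corp.example>\r\n"
    b"Subject: hello\r\n\r\nbody\r\n.\r\n"
)

ENVELOPE = re.compile(rb"^MAIL FROM:\s*<[^<>@\s]*@([^<>\s]+)>", re.I | re.M)
HEADER = re.compile(rb"^From:[^\r\n]*?@([A-Za-z0-9.-]+)", re.I | re.M)

def sender_domains(payload):
    """Return lower-cased envelope (MAIL FROM) and header (From:) domains."""
    found = {}
    for name, rx in (("envelope", ENVELOPE), ("header", HEADER)):
        m = rx.search(payload)
        if m:
            found[name] = m.group(1).decode("ascii", "replace").lower().rstrip(".")
    return found

def is_blocked(domain, blocked=BLOCKED_DOMAINS):
    """Match the domain or any parent on a label boundary, not a raw suffix."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def ptr_confirmed(ip, ptr_lookup, a_lookup):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to the IP."""
    return any(ip in a_lookup(name) for name in ptr_lookup(ip))

def verdict(payload, client_ip, ptr_lookup, a_lookup):
    """Decide on one session; resolver callables are injected (assumption)."""
    hits = sorted(k for k, d in sender_domains(payload).items() if is_blocked(d))
    if hits:
        return "reject: blocked " + "/".join(hits) + " domain"
    if not ptr_confirmed(client_ip, ptr_lookup, a_lookup):
        return "reject: PTR check failed"
    return "accept"
```

The envelope and header senders are checked separately because they can differ, as they do in the constructed session.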
29-Jun-2021 04:21
Many thanks, I will check that.
29-Jun-2021 10:30
Another helpful article like the one for the SMTP proxy:
https://devcentral.f5.com/s/question/0D51T00006j2p4a/logging-smtp-traffic-info-via-hsl-to-remote-log-server
Also, you may try using a Stream profile rather than TCP::collect or SSL::collect for encrypted SMTP traffic, as mentioned in:
29-Jun-2021 23:19
Many thanks, your support is highly appreciated.