External SMTP monitor (written in Go)
Problem this snippet solves: We wrote an external SMTP monitor to work around K99840695. It moderatly customizable, supports STARTTLS and has builtin support to test content filtering via EICAR/GTUBE. The code is on Github, auto-generated releases are on the project's [https://github.com/hreese/f5-smtp-monitor/releases](release page). Code : https://github.com/hreese/f5-smtp-monitor Tested this on version: 11.6
Is it possible to use a WideIP to load balance connections to Mail Server (MX Records)
A customer implementation requires load balancing incoming connections to their hosted websites, that works ok. But the problem is with the mail, is it possible to configure F5 to load balance DNS responses between 2 MX records? And if not, what is the best way to load balance incoming mail connections (SMTP) not Web Mail. Thanks in advance
Just upgraded to 12.1 and getting many 'cron' emails?
I just recently upgraded from 11.3 to 12.1 and am for some reason now getting my email appliance spammed with cron job emails. Any idea how to stop this? Since yesterday I have over 2,000 emails queued because the mail server doesn't recognize the domain name. Seems to happen every minute from the two F5 appliances. Example of one email: Sender: root@f5name.fqdn.com Recipient: postmaster@f5name.fqdn.com Subject: Cron /sbin/lsusb -v -d 0451:3410 >/dev/null
Request feedback on my STMP iRule
Long story short, I have been seeing a bunch of brute force SMTP auth attacks on our exchange server. They managed to get a valid username of one of our users so now they are trying a bunch of commonly used passwords to try to break in. After 25 tries, the account gets locked out and the legitimate user cannot read his email until I unlock his account. I noticed that the EHLO command is always the same (EHLO ABC123-PC) so I made an iRule using this the SMTP proxy here but added a couple lines so that if the EHLO message shows up then the connection is dropped. I think this might be overkill for what I want to do but I want the community to weigh in and critique the iRule. My main concern is how much of the BigIP 1600's resources will this take to run? when CLIENT_ACCEPTED { set chelo "" set cfrom "" set crcpt "" TCP::respond "220\r\n" log local0. "client accepted" TCP::collect } when CLIENT_DATA { set cdata [TCP::payload] if { [ string length $cdata ] <= 0 } { return } if { not ( $cdata contains "\r\n" ) } { log local0. "get <$cdata> so far" return } if { $cdata starts_with "EHLO ABC123-pc" }{ reject } if { $cdata starts_with "HELO" } { set chelo [TCP::payload] log local0. "get helo <$cdata>" TCP::respond "250 OK\r\n" TCP::payload replace 0 [string length $chelo] "" return } if { $cdata starts_with "MAIL FROM:" } { set cfrom [TCP::payload] log local0. "get from <$cfrom>" TCP::respond "250 OK\r\n" TCP::payload replace 0 [string length $cfrom] "" return } if { $cdata starts_with "RCPT TO:" } { set crcpt "$crcpt[TCP::payload]" log local0. "get rcpt <$crcpt>" TCP::respond "250 OK\r\n" TCP::payload replace 0 [string length [TCP::payload]] "" return } if { $cdata starts_with "DATA" } { log local0. "get data <$cdata>" TCP::payload replace 0 0 $chelo$cfrom$crcpt } log local0. "payload [TCP::payload]" TCP::release TCP::collect } when SERVER_CONNECTED { log "server connected" TCP::collect } when SERVER_DATA { set sdata [TCP::payload] if { $sdata starts_with "220" } { log local0. "get data <$sdata>" TCP::payload replace 0 [string length $sdata] "" return } if { $sdata contains "\r\n354 " } { log local0. "get data <$sdata>" TCP::payload replace 0 [string length $sdata] "354\r\n" } if { [ string length $sdata ] <= 0 } { return } log local0. "payload <[TCP::payload]>" TCP::release TCP::collect } when CLIENT_CLOSED { log local0. "client closed" }SMTP domain Whitelist Allow SMTP request based on MAIL FROM on serverside
Hello iRule experts, I am an irule beginner and I need some help.I have a datagroupe that contains more than 200 domain . I need route mail based on the domain found in the FROM header . My irule must verify if this domain has been properly Whitelisted by checking the datagroupe . My Irule Work when I'm using SMTP in cleartext without starttls activated on smtps profil . But with SMTP STARTTLS activated it's not work .So I'm want to check the mail from on Serverside because it using SMTP without Starttls . CLIENT-----:Port25(allow Starttls)F5--->SMTP(ClearText):Port25-->SERVER Here is my Irule that check MAIL FROM on CLIENT SIDE : Only Work if I use SMTP without Starttls configured on SMTPS profile when CLIENT_ACCEPTED { set cto "" set cdata "" log local0. "Connexion de [IP::remote_addr]" LB::connect TCP::collect set hsl [HSL::open -proto UDP -pool splunk.lab.local] set client_ip [IP::client_addr] } when CLIENT_DATA { log local0. "CLIENT_DATA" set cdata [TCP::payload] log local0. "cdata : $cdata" set hsl [HSL::open -proto UDP -pool splunk.lab.local] if { [string match -nocase "MAIL FROM:*" $cdata] } { log local0. "domaine : $cdata" set fromaddr [regsub -all \[\\r\\n\\s\] $cdata ""] log local0. "domaine : $fromaddr" set fromaddr [findstr $fromaddr ":" 1] log local0. "domaine : $fromaddr" set fromdomain [findstr $fromaddr "@" 1] log local0. "domaine : $fromdomain" if { [ class match [string tolower $fromdomain] contains "MailAddrList2" ] } { TCP::payload replace 0 0 $cto pool /Common/SMTP_POOL log local0. "Email Accept based on the recipient email address" log local0.info "domaine, $fromdomain, accepted , real client ip is : $client_ip" HSL::send $hsl "<190> domaine, $fromdomain , accepted, real client ip is : $client_ip \n" HSL::send $cdata "<190>domaine, $fromdomain , accepted" } else { reject log local0. "Domain not allowed please contact your administrator " HSL::send $hsl "<190> domaine, $fromdomain , not accepted, real client ip is : $client_ip \n" } } TCP::release TCP::collect } when SERVER_CONNECTED { log local0. "Connexion au serveur" TCP::collect } when SERVER_DATA { log local0. "sdata : [TCP::payload]" TCP::release `text` TCP::collect } Many thanks in advance HermannBigip mgmt port using tls 1.0 for smtp connection
Hi, We running 15.1.5.1 We did the smtp config from GUI and used the test button - we usue mgmt port for this config - it keeps using tls 1.0 but our mimecast server supports tls 1.2, how can i make the mgmt port use tls 1.0 for this connection? The client hello shows it using tls 1.0.. i cant find any option to change this!
Bit Bucket for SMTP Traffic
I'm looking for a solution that basically accepts SMTP connections, but sends all mail to a bit bucket -- almost like a /dev/null. The problem im running into, is I cant just use a simple irule that "drops" or "rejects" the traffic. I would need to accept the connection and somehow find a way to spoof the initial EHLO response from the f5. Any suggestions would be greatly appreciated.
Delegation of Address List for SMTP VIP
Our mail administrators currently manage IP lists on our SMTP servers for who is allowed to relay email within our organization. We'd like to move the SMTP servers behind our F5 (running version 16). Since this will be a one-armed config, the IP lists on the servers will no longer be respected. I am wondering if there is a way to only grant the mail admins access to manage the address list on the F5 and apply that to the VIP or if there is a way for them to manage an external address list that can be imported or called by an iRule? Thanks, Rob
SMTP issue
We have upgraded our exchange environment from 2013 to 2019. Now we have co-existence environment with 2013 and 2019. We are using f5 as load balancer for email. The problem is that Outlook & web over http is working fine. But secure SMTP (TLS) service for pop & Imap is not working through f5 load balancer. It is working directly through the server. What may be the issue f5 virtual server configuration. I request a kind support from this community. Regards Ashraf
Monitor email queue on SMTP server
I need some help in creating a custom monitor that will probe the SMTP servers and check for the email queue length. If its above threshold, take the server out of load balancing algorithm until the queue is cleared. This is to alleviate the issue of emails being queued in one Data Center for some unknown reason. The idea is divert the email traffic to another Data Center if emails are queuing up in one Data Center. I believe this can be achieved via an external monitor using SNMP? or any other thoughts?