How to send statistics for a specific pool by email
Hello, We need to send this specific view, as shown below, by email every two hours We need have the status of a specific virtual server, the related pool, with the pool members' status and statistics every two hours What I mean by statistics here is like what we see in BIG IP GUI, as below Bits (In/Out) Packets (In/Out) Connections (Current/Maximum/Total) Requests (Total) How can it be done from BIG IQ if exist and how can it be done from BIG IP itself?F5 APM 2FA through SMTP
Hello, We need to perform 2FA but by using F5 only, we don't have other MFA solutions like Duo, Google Authenticator,.... So can we use F5 to generate token and send it to the user using his email address, (So a token can be generated and by iRule sent to the user email address through SMTP?) Currently, we are using internal DB for users so inside it we can add user's email address Then, F5 APM verifies the token? Please provide your feedback and the configuration required to do that. We know that in VPE there is generate and validate token, so we need to use them, but only with SMTP, directly with F5 Also, it will be great if you can recommend a free or trial for 2FA solutions to be integrated with F5 APM
SMTP SNAT vs iRule header
Hello everyone, I have an issue related SMTP. This is the incoming mail topology in the organization: Internet ---> FW ---> LTM ---> Cisco ESA ----> Exchange server Between the LTM and the Cisco ESA (Email Security Appliance) is the configuration: F5 - LTM VS type: standard Port: 25 Profiles: TCP, SMTP SNAT: auto-map Pool: contains 2 members representing the ESA servers LB method: Round Robin ========================================================================== Cisco ESA Configured to recognize incoming relay form the F5 self IPs according to the "Received: from" header. ========================================================================== After looking at the email headers it seems that the "Received: from" header because of the auto-map. Disabling the auto-map is not an option, according to my customer, because the F5 cannot be the ESA's default gateway. Our other option is to try adding a new x-header containing the original IP of the sender. Does anyone know if that is even possible to add an email header using an iRule? Unfortunately didn't anything related in the F5 articles.Hybrid Exchange traffic and Starttls
we need to forward traffic from Exchange Online to the Exchange on premise server. direct connexion thru the firewall is working. We wanted to use the F5 to loadbalance the trafic on the 2 on premise exchange server. It seem that is a speciality with the starttls smtp trafic to do on the tcp port 25 😃. Thanks for your help Daniel
External SMTP monitor (written in Go)
Problem this snippet solves: We wrote an external SMTP monitor to work around K99840695. It moderatly customizable, supports STARTTLS and has builtin support to test content filtering via EICAR/GTUBE. The code is on Github, auto-generated releases are on the project's [https://github.com/hreese/f5-smtp-monitor/releases](release page). Code : https://github.com/hreese/f5-smtp-monitor Tested this on version: 11.6
Is it possible to use a WideIP to load balance connections to Mail Server (MX Records)
A customer implementation requires load balancing incoming connections to their hosted websites, that works ok. But the problem is with the mail, is it possible to configure F5 to load balance DNS responses between 2 MX records? And if not, what is the best way to load balance incoming mail connections (SMTP) not Web Mail. Thanks in advance
Just upgraded to 12.1 and getting many 'cron' emails?
I just recently upgraded from 11.3 to 12.1 and am for some reason now getting my email appliance spammed with cron job emails. Any idea how to stop this? Since yesterday I have over 2,000 emails queued because the mail server doesn't recognize the domain name. Seems to happen every minute from the two F5 appliances. Example of one email: Sender: [email protected] Recipient: [email protected] Subject: Cron /sbin/lsusb -v -d 0451:3410 >/dev/null
Request feedback on my STMP iRule
Long story short, I have been seeing a bunch of brute force SMTP auth attacks on our exchange server. They managed to get a valid username of one of our users so now they are trying a bunch of commonly used passwords to try to break in. After 25 tries, the account gets locked out and the legitimate user cannot read his email until I unlock his account. I noticed that the EHLO command is always the same (EHLO ABC123-PC) so I made an iRule using this the SMTP proxy here but added a couple lines so that if the EHLO message shows up then the connection is dropped. I think this might be overkill for what I want to do but I want the community to weigh in and critique the iRule. My main concern is how much of the BigIP 1600's resources will this take to run? when CLIENT_ACCEPTED { set chelo "" set cfrom "" set crcpt "" TCP::respond "220\r\n" log local0. "client accepted" TCP::collect } when CLIENT_DATA { set cdata [TCP::payload] if { [ string length $cdata ] <= 0 } { return } if { not ( $cdata contains "\r\n" ) } { log local0. "get <$cdata> so far" return } if { $cdata starts_with "EHLO ABC123-pc" }{ reject } if { $cdata starts_with "HELO" } { set chelo [TCP::payload] log local0. "get helo <$cdata>" TCP::respond "250 OK\r\n" TCP::payload replace 0 [string length $chelo] "" return } if { $cdata starts_with "MAIL FROM:" } { set cfrom [TCP::payload] log local0. "get from <$cfrom>" TCP::respond "250 OK\r\n" TCP::payload replace 0 [string length $cfrom] "" return } if { $cdata starts_with "RCPT TO:" } { set crcpt "$crcpt[TCP::payload]" log local0. "get rcpt <$crcpt>" TCP::respond "250 OK\r\n" TCP::payload replace 0 [string length [TCP::payload]] "" return } if { $cdata starts_with "DATA" } { log local0. "get data <$cdata>" TCP::payload replace 0 0 $chelo$cfrom$crcpt } log local0. "payload [TCP::payload]" TCP::release TCP::collect } when SERVER_CONNECTED { log "server connected" TCP::collect } when SERVER_DATA { set sdata [TCP::payload] if { $sdata starts_with "220" } { log local0. "get data <$sdata>" TCP::payload replace 0 [string length $sdata] "" return } if { $sdata contains "\r\n354 " } { log local0. "get data <$sdata>" TCP::payload replace 0 [string length $sdata] "354\r\n" } if { [ string length $sdata ] <= 0 } { return } log local0. "payload <[TCP::payload]>" TCP::release TCP::collect } when CLIENT_CLOSED { log local0. "client closed" }SMTP domain Whitelist Allow SMTP request based on MAIL FROM on serverside
Hello iRule experts, I am an irule beginner and I need some help.I have a datagroupe that contains more than 200 domain . I need route mail based on the domain found in the FROM header . My irule must verify if this domain has been properly Whitelisted by checking the datagroupe . My Irule Work when I'm using SMTP in cleartext without starttls activated on smtps profil . But with SMTP STARTTLS activated it's not work .So I'm want to check the mail from on Serverside because it using SMTP without Starttls . CLIENT-----:Port25(allow Starttls)F5--->SMTP(ClearText):Port25-->SERVER Here is my Irule that check MAIL FROM on CLIENT SIDE : Only Work if I use SMTP without Starttls configured on SMTPS profile when CLIENT_ACCEPTED { set cto "" set cdata "" log local0. "Connexion de [IP::remote_addr]" LB::connect TCP::collect set hsl [HSL::open -proto UDP -pool splunk.lab.local] set client_ip [IP::client_addr] } when CLIENT_DATA { log local0. "CLIENT_DATA" set cdata [TCP::payload] log local0. "cdata : $cdata" set hsl [HSL::open -proto UDP -pool splunk.lab.local] if { [string match -nocase "MAIL FROM:*" $cdata] } { log local0. "domaine : $cdata" set fromaddr [regsub -all \[\\r\\n\\s\] $cdata ""] log local0. "domaine : $fromaddr" set fromaddr [findstr $fromaddr ":" 1] log local0. "domaine : $fromaddr" set fromdomain [findstr $fromaddr "@" 1] log local0. "domaine : $fromdomain" if { [ class match [string tolower $fromdomain] contains "MailAddrList2" ] } { TCP::payload replace 0 0 $cto pool /Common/SMTP_POOL log local0. "Email Accept based on the recipient email address" log local0.info "domaine, $fromdomain, accepted , real client ip is : $client_ip" HSL::send $hsl "<190> domaine, $fromdomain , accepted, real client ip is : $client_ip \n" HSL::send $cdata "<190>domaine, $fromdomain , accepted" } else { reject log local0. "Domain not allowed please contact your administrator " HSL::send $hsl "<190> domaine, $fromdomain , not accepted, real client ip is : $client_ip \n" } } TCP::release TCP::collect } when SERVER_CONNECTED { log local0. "Connexion au serveur" TCP::collect } when SERVER_DATA { log local0. "sdata : [TCP::payload]" TCP::release `text` TCP::collect } Many thanks in advance HermannBigip mgmt port using tls 1.0 for smtp connection
Hi, We running 15.1.5.1 We did the smtp config from GUI and used the test button - we usue mgmt port for this config - it keeps using tls 1.0 but our mimecast server supports tls 1.2, how can i make the mgmt port use tls 1.0 for this connection? The client hello shows it using tls 1.0.. i cant find any option to change this!
