pgopparaju
Jun 10, 2019

Blocking specific hostnames from sending emails through SMTP Relay

Hi,

 

We use F5 BIG-IP as the SMTP relay and need assistance in blocking specific hostnames from sending out emails. I did go through some iRules but couldn't find anything that can help me with this, and some articles mention that this can be done using filtering if we have the AFM module. If so, any brief steps on how to do that would be helpful.

 

Thank you.

9 Replies

  • Hi, since there are multiple ways to use an F5 as an SMTP relay, how are you doing this at the moment? This will give us an idea of what we can suggest.

    • pgopparaju

      Hi Kevin,

       

      Overview of our setup:

       

      We have a virtual server (SMTP relay host) created on port 25 with a pool of Gmail SMTP servers. This virtual server is NATed to an external IP on our edge firewall, with SNAT enabled on the F5.

       

      Our internal applications are pointed to the relay hostname on the F5, and we want SMTP traffic from specific client (application) hostnames to be dropped on the F5 before it is forwarded to the pool members.

       

      Hope I made it clear.

       

      Thanks in advance.

  • Kevin,

     

    Thanks for the links. I do have a question about the code below, which you referenced in the link:

     

    when CLIENT_ACCEPTED {
        log local0. "client accepted"
        # Rewrite any RCPT TO whose domain does not start with an allowed name to a catch-all mailbox
        STREAM::expression {=RCPT TO:<[A-Za-z0-9._%+-]+@(?!(myOKDomain|myOtherOKDomain))[A-Za-z0-9.-]+\.[A-Za-z]{2,4}>=RCPT TO:<mail.bucket@mydomain.org>=}
        STREAM::enable
    }
    when STREAM_MATCHED {
        # Log each command the stream filter matched
        log local0. "Stream filter matched: [STREAM::match]"
    }

     

    So basically, do I just need to replace (myOKDomain|myOtherOKDomain) with our from-address hosts which I want to block the email from, and everything else is passed through the iRule, right?

     

    • Kevin_Davies

      They should be the domains you want to allow.

       

      Inside the expression you will see ?!(myOKDomain|myOtherOKDomain). The ! means not. If you want to match bad domains then remove the !. So it becomes ?(badDomain|anotherbadDomain). Then inside the STREAM::expression add the reject command. This means anything that matches will have its connection killed.
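
An added example, not part of the thread or of F5's code: a Python harness for checking offline which RCPT TO lines the iRule's search expression would fire on before it goes onto the relay. It assumes Python's `re` treats these lookahead constructs the same way the stream filter does, writes the blocklist variant with a positive lookahead `(?=...)`, and uses constructed sample lines with placeholder domains.

```python
import re

# Fragments copied from the STREAM::expression in the iRule quoted above.
LOCAL = r"[A-Za-z0-9._%+-]+"
DOMAIN = r"[A-Za-z0-9.-]+\.[A-Za-z]{2,4}"
BUCKET = "RCPT TO:<mail.bucket@mydomain.org>"  # replacement string from the iRule

def build(domains, lookahead):
    """Compile the RCPT TO search pattern with the given lookahead operator:
    "?!" = allowlist form (as in the iRule), "?=" = blocklist form (assumption)."""
    alt = "|".join(re.escape(d) for d in domains)
    return re.compile("RCPT TO:<" + LOCAL + "@(" + lookahead + "(" + alt + "))" + DOMAIN + ">")

def classify(pattern, lines):
    """Map each line to True if the pattern fires on it in this Python model."""
    return {line: bool(pattern.search(line)) for line in lines}

def rewrite(pattern, line):
    """Apply the same search-and-replace the stream expression describes."""
    return pattern.sub(BUCKET, line)

ALLOW = build(["myOKDomain", "myOtherOKDomain"], "?!")
BLOCK = build(["badDomain", "anotherbadDomain"], "?=")

# Constructed sample commands; every address here is a placeholder.
SAMPLE = [
    "RCPT TO:<alice@myOKDomain.org>",            # allowed domain: left alone
    "RCPT TO:<bob@elsewhere.example.com>",       # other domain: rewritten
    "RCPT TO:<carol@myOKDomain-partner.net>",    # lookahead is a prefix test: left alone
    "RCPT TO:<dave@elsewhere.solutions>",        # TLD longer than {2,4}: left alone
    "rcpt to:<erin@elsewhere.example.com>",      # pattern is case-sensitive: left alone
]

if __name__ == "__main__":
    for line, hit in classify(ALLOW, SAMPLE).items():
        print(("MATCH  " if hit else "pass   ") + line + "  ->  " + rewrite(ALLOW, line))
```

The last three sample lines are the cases worth adding to any test set for this expression: a domain that merely begins with an allowed name, a top-level domain longer than four letters, and a lowercase command all go unmatched in this model.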