Forum Discussion

Jim_Kessler_504's avatar
Jim_Kessler_504
Icon for Nimbostratus rankNimbostratus
Jan 28, 2007

Still Learning ...... Dig deeper into LTM and spam

My question is in regards to the code below. This was one of the iRule winners in 2005. I understand the syntax, but what I don't understand is where the data for 'harvesters' and 'spammers' and 'blacklist' etc... is being stored on the LTM

 

 

After reading the write up on the winner, the spam info is collected on a spam appliance and then sent to the LTM, where the iRule picks up the data. I am in a similar situation where I am collecting a lot of data in regards of spammers on the email servers and I would like to push this data to the LTM so the LTM can make decisions on the connections before the expensive processing is used. So, how is the data moved up to the LTM and how does the LTM know to refer to the data based on the code below.

 

 

Follow this link on the write up of this code.

 

 

http://devcentral.f5.com/Default.aspx?tabid=74

 

 

Is there something that I am overlooking?

 

 

Thanks in advance.

 

 


when CLIENT_ACCEPTED {
  if {[matchclass [IP::remote_addr] equals $::harvesters] }{
    TCP::respond "550 Message Rejected - Too many unknown recipients\r\n"
    drop
  }
  if {[matchclass [IP::remote_addr]equals $::spammers] }{
     TCP::respond "550 Message Rejected - Too much spam\r\n"
    drop
  }
  if {[matchclass [IP::remote_addr] equals $::blacklisted] }{
     TCP::respond "550 Message Rejected - client blacklisted\r\n"
    drop
  }
  if {[matchclass [IP::remote_addr] equals $::infected]}{
     TCP::respond "550 Message Rejected - Infected\r\n"
    drop
  }
  if {[matchclass [IP::remote_addr] equals $::tarpit] }{
    pool slow_rateclass
  }
}
application delivery
dev
devops
iRules

1 Reply

Sort By
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Jan 29, 2007
    For that example, the data is stored in data groups (or classes). Data Groups can be internal (meaning the contents are embedded in the configuration database), or external (meaning they are stored in a file and the filename is referenced by the configuration and the contents are loaded into the runtime engine at configuration load time.

     

     

    For large data groups, it is recommended to use external data groups. As to how these can be remotely created and modified on the device, that could either be done by a remote secure copy (scp) command, or by using our iControl remote management interfaces (SOAP). The iControl docs are found in the iControl downloads section on DevCentral. You'll want to look up the LocalLB::Class interface for the relevant methods. iControl supports java, perl, and .NET so whatever your programming preference is, odds are it's covered.

     

     

    If you have more specific questions about which methods to use or how to best use them, post that over in the iControl v9.x forum and I'll try to help you out.

     

     

    Good luck!

     

     

    BTW, we've just released a mail security module on BIG-IP that works in conjunction with Secure Computing's database. Here's the press release with some info:

     

     

    http://www.f5.com/communication/press/2006/release112006.html

     

    Click here

     

     

    This may or may not work for your situation. I'd encourage you to take a look and if you contact Sales, make sure to let them know Joe from DevCentral forwarded you. Not that I get any commission, it's just fun to let the Sales folks know who sent you to them.

     

     

    -Joe