diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:18:05 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:18:05 +0000 |
commit | b46aad6df449445a9fc4aa7b32bd40005438e3f7 (patch) | |
tree | 751aa858ca01f35de800164516b298887382919d /tests/conf/test-inspect-smtp.cfg | |
parent | Initial commit. (diff) | |
download | haproxy-b46aad6df449445a9fc4aa7b32bd40005438e3f7.tar.xz haproxy-b46aad6df449445a9fc4aa7b32bd40005438e3f7.zip |
Adding upstream version 2.9.5.upstream/2.9.5
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/conf/test-inspect-smtp.cfg')
-rw-r--r-- | tests/conf/test-inspect-smtp.cfg | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/tests/conf/test-inspect-smtp.cfg b/tests/conf/test-inspect-smtp.cfg new file mode 100644 index 0000000..5cfc864 --- /dev/null +++ b/tests/conf/test-inspect-smtp.cfg @@ -0,0 +1,44 @@ +# This is a test configuration. It listens on port 8025, waits for an incoming +# connection, and applies the following rules : +# - if the address is in the white list, then accept it and forward the +# connection to the server (local port 25) +# - if the address is in the black list, then immediately drop it +# - otherwise, wait up to 35 seconds. If the client talks during this time, +# drop the connection. +# - then accept the connection if it passes all the tests. +# +# Note that the rules are evaluated at every new chunk of data read, and at +# delay expiration. Rules which apply to incomplete data don't match as long +# as the timer has not expired. + +listen block-fake-mailers + log 127.0.0.1:514 local0 + option tcplog + + mode tcp + bind :8025 + timeout client 60s + timeout server 60s + timeout queue 60s + timeout connect 5s + + tcp-request inspect-delay 35s + + acl white_list src 127.0.0.2 + acl black_fast src 127.0.0.3 # those ones are immediately rejected + acl black_slow src 127.0.0.4 # those ones are rejected after a delay + + tcp-request content accept if white_list + tcp-request content reject if black_fast + tcp-request content reject if black_slow WAIT_END + tcp-request content reject if REQ_CONTENT + # note that it is possible to wait for the end of the analysis period + # before rejecting undesired contents + # tcp-request content reject if REQ_CONTENT WAIT_END + + # on Linux+transparent proxy patch, it's useful to reuse the client'IP + # source 0.0.0.0 usesrc clientip + + balance roundrobin + server mail 127.0.0.1:25 + |