I currently have an ALLOW_ANY policy on my mesh config in order to test some specific implementation of the egress.
In this specific example, I am trying to configure an SMTP service to route all traffic over the SMTP ports through Egress; I've defined the following ServiceEntry to do this.
```yaml
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: smtp-all
  namespace: istio-system
spec:
  hosts:
  - '*.com'
  ports:
  - number: 25
    name: smtp
    protocol: TCP
  - number: 587
    name: smtps
    protocol: TCP
  location: MESH_EXTERNAL
```
However, if I look at my SMTP outgoing traffic, I don't see anything coming through the proxy to indicate it's being routed to the egress. I also see from my emails that the origin still points to the node IP that the pod is assigned to.
I've tried different resolution approaches (resolution: DNS) and explicitly defining a host like so:
```yaml
spec:
  addresses:
  - 184.108.40.206/15
  - 2607:f8b0:4023:1004::1b/32
  hosts:
  - aspmx.l.google.com
  location: MESH_EXTERNAL
```
But this still doesn’t seem to touch the traffic. Here’s an example output log from my SMTP server. Only concern I see is it is resolving to an IPv6 address:
```
[2021-04-26T02:16:35.114] INFO -- : [UMW2LNGT] Connected to 2607:f8b0:4023:1004::1b:25 (aspmx.l.google.com)
[2021-04-26T02:16:35.114] INFO -- : [UMW2LNGT] Sending message 1::18 to XXXXXX
[2021-04-26T02:16:35.563] INFO -- : [UMW2LNGT] Message sent #18 to aspmx.l.google.com (2607:f8b0:4023:1004::1b) for XXXXXXX
```
Does anyone have any good examples of a blanket SMTP egress configuration through Istio?