I currently have an `ALLOW_ANY` policy on my mesh config in order to test some specific implementation of the egress.
In this specific example, I am trying to configure an SMTP service to route all traffic over the SMTP ports through Egress; I’ve defined the following `ServiceEntry` to do this.
```yaml
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: smtp-all
  namespace: istio-system
spec:
  hosts:
  - '*.com'
  ports:
  - number: 25
    name: smtp
    protocol: TCP
  - number: 587
    name: smtps
    protocol: TCP
  location: MESH_EXTERNAL
```
However, if I look at my SMTP outgoing traffic, I don’t see anything coming through the proxy to indicate it’s being routed to the egress. I also see from my emails that the origin still points to the node IP that the pod is assigned to.
I’ve tried different resolution approaches (`resolution: DNS`) and explicitly defining a host like so:
```yaml
spec:
  addresses:
  - 142.250.0.0/15
  - 2607:f8b0:4023:1004::1b/32
  hosts:
  - aspmx.l.google.com
  location: MESH_EXTERNAL
```
But this still doesn’t seem to touch the traffic. Here’s an example output log from my SMTP server. Only concern I see is it is resolving to an IPv6 address:
```
[30] [2021-04-26T02:16:35.114] INFO -- : [UMW2LNGT] Connected to 2607:f8b0:4023:1004::1b:25 (aspmx.l.google.com)
[30] [2021-04-26T02:16:35.114] INFO -- : [UMW2LNGT] Sending message 1::18 to XXXXXX
[30] [2021-04-26T02:16:35.563] INFO -- : [UMW2LNGT] Message sent #18 to aspmx.l.google.com (2607:f8b0:4023:1004::1b) for XXXXXXX
```
Does anyone have any good examples of a blanket SMTP egress configuration through Istio?