Adam_L__1503
Feb 01, 2012 (Historic F5 Account)
Adding STARTTLS functionality to outbound SMTP sessions via iRule
Note: I am not the author of this iRule, but I thought that this was a very useful trick, and the author of it has given me permission to share it here. This iRule will take outbound SMTP connections which pass through an LTM and will add full STARTTLS functionality. In other words -- how to add encryption to your outbound SMTP sessions without having to upgrade or otherwise fiddle with your SMTP server. :)
Comments and/or suggestions welcome.
when CLIENT_ACCEPTED {
    log local0. "client accepted"
    # Keep the server side in cleartext until the server has accepted STARTTLS
    SSL::disable serverside
}
when SERVER_CONNECTED {
    # Hold the server's data so the iRule can answer the SMTP dialogue itself
    TCP::collect
}
when SERVER_DATA {
    log local0. "server payload: [string tolower [TCP::payload]]"
    set payload [string tolower [TCP::payload]]
    if {$payload contains "220 smtp esmtp relay"} {
        # Server banner seen: respond with an EHLO to the server.
        # Note: this banner text is specific to the author's relay; adjust it to yours.
        # RFC 5321 requires a host name after EHLO and some MTAs reject it when missing.
        TCP::respond "EHLO\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        log local0. "responded to server with EHLO"
        serverside {TCP::collect}
    } elseif {$payload contains "250-starttls"} {
        # EHLO reply advertises STARTTLS: respond with a STARTTLS to the server.
        # Note: if STARTTLS is the last extension listed, the server sends
        # "250 starttls" (space, not hyphen) and this branch will not match.
        TCP::respond "STARTTLS\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        log local0. "Sent the server a STARTTLS"
        serverside {TCP::collect}
    } elseif {$payload contains "220 2.0.0 ready to start tls"} {
        # Server accepted STARTTLS: start the SSL profile with the server
        log local0. "server said he is ready for TLS, enable the SSL profile"
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        serverside {SSL::enable}
    }
    # No branch handles a reply that does not match (for example a server that
    # does not offer STARTTLS or refuses it); the payload stays held and the
    # session stalls rather than falling back to cleartext.
}
when SERVERSSL_HANDSHAKE {
    log local0. "SSL handshake completed."
    # Only now greet the client, so it never talks to a cleartext server side
    clientside { TCP::respond "220 SMTP ESMTP Relay\r\n" }
    SSL::collect
}
when SERVERSSL_DATA {
    # Debug only: this logs the decrypted server replies (and with them, message
    # content) to local0; remove it in production.
    log local0. "server SSL payload: [SSL::payload]"
    SSL::release
    SSL::collect
}
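As an added example (not part of the original post and not the iRule author's code), here is a small offline Python model of the negotiation the iRule drives, run over a constructed transcript rather than a live server. It parses the multi-line EHLO reply properly, so a final-line "250 STARTTLS" is recognised as well as "250-STARTTLS", and it fails closed on any unexpected reply instead of leaving the session to continue in cleartext; the helo_name value is an assumed placeholder.

```python
import re

# One SMTP reply line: three-digit code, then "-" (more lines follow) or " " (last line).
REPLY_RE = re.compile(r"^(\d{3})([ -]?)(.*)$")

def parse_reply(lines):
    """Parse one possibly multi-line SMTP reply into (code, [text of each line])."""
    code, texts = None, []
    for line in lines:
        m = REPLY_RE.match(line.rstrip("\r\n"))
        if not m or (code is not None and m.group(1) != code):
            raise ValueError(f"malformed SMTP reply line: {line!r}")
        code = m.group(1)
        texts.append(m.group(3))
        if m.group(2) != "-":  # only a hyphen after the code means more lines follow
            break
    return code, texts

def advertises_starttls(texts):
    """First EHLO line is the greeting; later lines begin with an extension keyword."""
    return any(t.split()[0].upper() == "STARTTLS" for t in texts[1:] if t.strip())

def negotiate(server_replies, helo_name="relay.example"):
    """Walk the iRule's states over server replies (each a list of lines); returns
    (commands sent, outcome). Anything unexpected stops the session, fail-closed."""
    sent, state = [], "BANNER"
    for reply in server_replies:
        code, texts = parse_reply(reply)
        if state == "BANNER":
            if code != "220":
                return sent, f"unexpected banner {code}"
            sent.append(f"EHLO {helo_name}\r\n")  # RFC 5321 requires a host name here
            state = "EHLO"
        elif state == "EHLO":
            if code != "250" or not advertises_starttls(texts):
                return sent, "STARTTLS not offered"
            sent.append("STARTTLS\r\n")
            state = "STARTTLS"
        else:  # waiting for the 220 that permits the TLS handshake
            if code != "220":
                return sent, f"server refused STARTTLS ({code})"
            return sent, "tls"  # caller enables TLS, then sends EHLO again inside it
    return sent, "incomplete"

# Constructed transcript (no real server): STARTTLS is listed last, so it arrives as
# "250 STARTTLS", which a "250-starttls" substring match would miss.
SAMPLE = [["220 smtp.example ESMTP Relay\r\n"],
          ["250-smtp.example\r\n", "250-PIPELINING\r\n", "250 STARTTLS\r\n"],
          ["220 2.0.0 Ready to start TLS\r\n"]]
```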