Forum Discussion

Chad_Ernst's avatar
Chad_Ernst
Icon for Nimbostratus rankNimbostratus
Feb 02, 2009

smtp and smtp with tls on 1 arm config

 

We have used our LTM's primarily for web stuff up until now.

 

 

We now have a request to run smtp traffic thru it as well. I have been told that smtp and smtp with tls both use port 25.

 

 

To add another issue we are running a 1 arm config so SSL must be terminated at the LTM, IE can't just treat the LTM like a router (I know thats not the right term but it makes the most sense in my mind).

 

 

The SMTP destination is a Domino Lotus Notes server.

 

 

I think I can figure out straight SMTP (no TLS) and I think I can figure out how to do SMTP with TLS. But I get confused when I think about doing both on a single Virtual Server.

 

 

Has anybody done this that wants to share? Got any thoughts?

 

 

Thanks for reading.

 

 

Chad

 

chad_ernst@unigroupinc.com

3 Replies

  • Colin wrote a tech tip on this a while back:

     

     

    http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=158 Click here
  • I did actually see that iRule Colin wrote.

     

     

    What I'm not sure about is that I need to support mail clients that are not going to support SSL.

     

     

    In addition to handling relay duties for our external gateway I need to handle incoming smtp traffic from sendmail on some *nix machines, blat on windows machines, and smtp mail handlers off of WebSphere App Servers.

     

     

    So what adjustments to you make to that iRule to allow clients that just won't do SSL?

     

     

    Do you just remove the "else" (the snippet below)?

     

    else {

     

    TCP::respond "530 Must issue a STARTTLS command first\r\n"

     

    TCP::payload replace 0 [TCP::payload length] ""

     

    TCP::release

     

    TCP::collect

     

    }

     

  • You should be able to glean what you need from this thread, make sure you check out the attachment.

     

     

    http://devcentral.f5.com/default.aspx?tabid=53&forumid=5&postid=8410&view=topic Click here