Forum Discussion

nrelihan_68143's avatar
nrelihan_68143
Icon for Nimbostratus rankNimbostratus
Mar 29, 2012

Append TLS header to SMTP payload

Hey,

 

 

After implementing the "SMTP Start TLS" ( https://devcentral.f5.com/wiki/iRules.SMTP_Start_TLS.ashx ) with a little configuration, there is a requirement for the TLS header be attached or appended to the SMTP payload or header (for client side TLS troubleshooting).

 

 

Could this be achieved by using the "TCP::payload replace" command in the iRule's "when SERVER_DATA" conditional statment.

 

 

Is it possible that the iRule's 4Mb data collection limit could be reached in this circumstance?

 

 

Thanks.
application delivery
dev
devops
iRules
  • nrelihan_68143's avatar
    nrelihan_68143
    Icon for Nimbostratus rankNimbostratus
    Mar 29, 2012
    iRule in question: 

    when CLIENT_ACCEPTED {
    set ehlo 0
    SSL::disable
}
when SERVER_CONNECTED {
    TCP::collect
}
when CLIENT_DATA {
    set lcpayload [string tolower [TCP::payload]]
    if { $lcpayload starts_with "ehlo" } {
        set ehlo 1
        TCP::release
        serverside { TCP::collect }
    } elseif { $lcpayload starts_with "starttls" } {
        TCP::respond "220 Ready to start TLS\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        SSL::enable
    } else {
        TCP::release
    }
}
when SERVER_DATA {
    set lspayload [string tolower [TCP::payload]]
    if { $ehlo == 1 and not ( $lspayload contains "starttls" ) } {
        if { $lspayload contains "250 ok\r\n" } {
            TCP::payload replace [expr [TCP::payload length] - 8] 0 "250-STARTTLS\r\n"
        }
    }
    TCP::release
    clientside { TCP::collect }
}