Append TLS header to SMTP payload

Question

Hey,

&nbsp;
&nbsp;After implementing the "SMTP Start TLS" ( https://devcentral.f5.com/wiki/iRules.SMTP_Start_TLS.ashx ) with a little configuration, there is a requirement for the TLS header be attached or appended to the SMTP payload or header (for client side TLS troubleshooting).

&nbsp;
&nbsp;Could this be achieved by using the "TCP::payload replace" command in the iRule's "when SERVER_DATA" conditional statment.
&nbsp;
&nbsp;Is it possible that the iRule's 4Mb data collection limit could be reached in this circumstance?

&nbsp;
&nbsp;Thanks.

nrelihan_68143 · Answer

iRule in question: 
  
 when CLIENT_ACCEPTED {
    set ehlo 0
    SSL::disable
}
when SERVER_CONNECTED {
    TCP::collect
}
when CLIENT_DATA {
    set lcpayload [string tolower [TCP::payload]]
    if { $lcpayload starts_with "ehlo" } {
        set ehlo 1
        TCP::release
        serverside { TCP::collect }
    } elseif { $lcpayload starts_with "starttls" } {
        TCP::respond "220 Ready to start TLS
"
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        SSL::enable
    } else {
        TCP::release
    }
}
when SERVER_DATA {
    set lspayload [string tolower [TCP::payload]]
    if { $ehlo == 1 and not ( $lspayload contains "starttls" ) } {
        if { $lspayload contains "250 ok
" } {
            TCP::payload replace [expr [TCP::payload length] - 8] 0 "250-STARTTLS
"
        }
    }
    TCP::release
    clientside { TCP::collect }
}

Forum Discussion

Append TLS header to SMTP payload

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

HTTP Payload Collection

Large payload post requests aren't responding

Re: F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP header

Payload string based persistence

Security Headers Insertion