Customer want to enable TLS in the SMTP

What type of Virtual Server are you using? Will the TLS be terminated on the real servers or do you want to terminate on the F5?

its normal virtual config

virtual netmail.usa.com_25 '{ snat automap pool netmail.usa.com_25 destination 110.90.3.19:25 ip protocol tcp persist source_addr }'

yes i want to terminate on the F5

thanks i have edited...

It seems an iRule is your only option, see here: https://devcentral.f5.com/articles/iruleology-ndashsmtp-start-tls. Note you'll need a suitable ClientSSL profile assigned to the VS and it'll need to be listening on 25 and 465 I think.

Based on our testing it appears that with the iRule we can successfully establish a secure TLS session between the Internet (MS Office 365 cloud) and the DMZ load balancer. However, the client needs the TLS session to extend all the way to the xchange servers. the LB can be configured to subsequently request/establish a TLS session to the pool members as well. We need to provide a response to the client fairly quickly

Well, that's much easier. Just use a Performance L4 VS, no ClientSSL profile. Just find out what port the TLS will run on, most likely 465.

they are using port 25 for smtp....

could you please give some more details, we need to use Fast L4 and how to enable the TLS..if we use Fast L4 we need to remove the Irule right? then how TLS will work

The exchange servers (as per the requirement) will handle the TLS, you'll just be load balancing at layer four to those servers.

So, just remove the iRule and the ClientSSL profile, apply the default FastL4 profile and off you go. If you want to tweak the FastL4 profile, feel free but the default should be fine.

Hopefully I'm being clear but if not, post back.