Forum Discussion
F5 and STARTTLS
I am not able to find a way for the F5 (BIG-IP 11.6.0 Build 1.0.403 Hotfix HF1) to essentially proxy an SMTP connection inbound and outbound to/from our email gateway and establish (or not) a TLS connection. I am looking for the opportunistic conversation to occur between the F5 and the backend email gateway. Going outbound, the email gateway would forward the email to the F5 and the F5 would query the receiving gateway to determine if it could do or responded properly to the STARTTLS conversation. Likewise, for an incoming email toward our gateways, the F5 would establish (yes/no) if the sending gateway could do STARTTLS. Thanks very much.
- NUT2889 (Cirrostratus)
Hi,
Do you have an example logical network diagram for better understanding?
- Simon_Blakely (Employee)
- Chuck76_338274 (Nimbostratus)
I don't know if this will help - but here is the concept. Thanks for the help.
- NOC_Admin_35422 (Nimbostratus)
Hey Chuck76,
Did this work? Can you confirm back?
Regards
- Chuck76_338274 (Nimbostratus)
After review we decided not to use the iRule approach. We implemented TLS for email with the F5 listening for incoming email as opposed to initiating via the F5. The email gateways sending email outbound will initiate the TLS going out. The iRule approach didn't seem to be a clean approach. We looked at it for a while. Thanks for following up.
- Stanislas_Piro2 (Cumulonimbus)
Look at this deployment guide to configure an SMTPS profile with STARTTLS.
- Sam_Hall (Nimbostratus)
I couldn't find an existing iRule for this myself, so I put this one together. Sorry it's a bit late, but your question and the comments here are the most current and applicable to this use case that I could find. It might help others... https://gist.github.com/Sam-Hall/5c743933b13ad8bc8734fef02eed5ab1