Rabbit23_116296
Apr 14, 2014

IMAP exchange 2010 not working

Been trying to get this to work but the monitor looks to be my issue. I've set the exchange IMAP service to use plaintextlogon and is working fine without SPA authentication. I cannot get the IMAP monitor working to bring the pool to healthy.

 

If I try a simple TCP monitor the pool is marked up but it doesn't work.

 

I am using BIG IP 11.4.1 and Exchange 2010 SP3; anyone got IMAPS to work over TCP993?

 

2 Replies

  • mikeshimkus_111
    Historic F5 Account

    Hi Rabbit23, v1.3 of the Exchange iApp will automatically create an EAV monitor that supports IMAPS (utilizing curl-apd, which became available in BIG-IP v11.4.1).

    Here's the text of that EAV file. You'll need to save it as a shell script and then import into BIG-IP, and configure it like you would any other EAV monitor. You will need to disable strictness to apply it to the IMAP pool.

    #!/bin/sh
    # These arguments supplied automatically for all external monitors:
    # $1 = IP (nnn.nnn.nnn.nnn notation)
    # $2 = port (decimal, host byte order)
    #
    # This script expects the following Name/Value pairs:
    #  USER  = the username associated with a mailbox
    #  PASSWORD = the password for the user account
    #  DOMAIN = the Windows domain in which the account lives
    #
    # Remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)

    NODE=`echo ${1} | sed 's/::ffff://'`
    if [[ $NODE =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
        # node is v4
        NODE=${NODE}
    else
        # node is v6
        NODE=[${NODE}]
    fi
    PORT=993
    FOLDER="INBOX"
    PIDFILE="/var/run/`basename ${0}`.appname_${USER}_${NODE}_ad.pid"
    RECV='EXISTS'

    # kill off the last instance of this monitor if hung and log current pid
    if [ -f "$PIDFILE" ]
    then
       echo "EAV exceeded runtime needed to kill ${NODE}:${PORT}" | logger -p local0.error
       kill -9 `cat "$PIDFILE"` > /dev/null 2>&1
    fi
    echo "$$" > "$PIDFILE"
    # Log in over IMAPS, SELECT the folder and look for the receive string.
    # -k skips certificate verification; the credentials are passed on the command line.
    /usr/bin/curl-apd -k -v -u "${DOMAIN}\\${USER}:${PASSWORD}" -X "SELECT ${FOLDER}" imaps://${NODE}:${PORT} 2>&1 | grep "${RECV}" > /dev/null
    STATUS=$?
    rm -f "$PIDFILE"
    # An external monitor marks the member up when anything is written to stdout
    if [ $STATUS -eq 0 ]
    then
        echo "UP"
    fi
    exit
    

    As to why clients can't connect even when the pool is marked up with a TCP monitor, you'll probably need to sniff the IMAP traffic to see what's going on there.

    Mike
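
Added example, not part of the post above or of the iApp's own script: the monitor above reports UP whenever the string EXISTS appears anywhere in curl's verbose output, so this POSIX shell sketch separates the address normalization from a stricter check that requires an untagged `* <n> EXISTS` response and no tagged NO/BAD completion. The function names and the sample transcripts are constructed for illustration and assume curl's usual `< ` prefix on received lines.

```shell
#!/bin/sh
# Added example: offline-testable helpers for an IMAPS external monitor.

# LTM passes the member address in IPv6 form. Strip the IPv4-mapped prefix
# and bracket real IPv6 literals so the result can be placed in a URL.
normalize_node() {
    node=$(printf '%s' "$1" | sed 's/^::ffff://')
    if printf '%s' "$node" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'; then
        printf '%s\n' "$node"
    else
        printf '[%s]\n' "$node"
    fi
}

# Read a `curl -v` transcript on stdin. Succeed only when the server sent an
# untagged "* <n> EXISTS" line and no tagged NO/BAD completion was seen.
select_succeeded() {
    awk '
        { sub(/\r$/, ""); sub(/^< /, "") }      # drop CR and the receive prefix
        /^\* [0-9]+ EXISTS$/          { exists = 1 }
        /^[A-Za-z0-9]+ (NO|BAD)( |$)/ { failed = 1 }
        END { exit !(exists && !failed) }
    '
}

# Constructed sample transcripts (not captured from a real server).
GOOD_TRANSCRIPT='> A003 SELECT INBOX
< * 12 EXISTS
< * 0 RECENT
< A003 OK [READ-WRITE] SELECT completed.'

# Contains the word EXISTS, so a bare grep would report UP, but SELECT failed.
BAD_TRANSCRIPT='> A003 SELECT INBOX
< A003 NO SELECT failed: EXISTS count unavailable'

# Same convention as the monitor above: print UP only on success.
if printf '%s\n' "$GOOD_TRANSCRIPT" | select_succeeded; then
    echo "UP"
fi
```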

  • Thanks Mike

     

    It was a case of RTFM for me. I have found rerunning the iApp template causes a lot of grief as there are many customizations and there are still bugs in the current template. I got this to work by enabling 993 on the VS and having TLS 143 on the back-end to the pool members (only drawback is I can't re-encrypt / bridge SSL).

     

    I'll give the EAV a bash.