JG
May 18, 2014Cumulonimbus
iRule for SMTP: Passing Client IP Addr to backend mail servers
When SNATs are used for a virtual server, the backend SMTP servers cannot get the client IP address. This irule is intended to replace the string after "EHLO" or "HELO" in mail client initiation with the client's real IP address. For us, this could enable us to track down an offending mail originating device.
when CLIENT_ACCEPTED {
set c-addr [IP::client_addr]
log local0. "Client addr: $c-addr"
}
when CLIENT_DATA {
STREAM::expression {@^EHLO.*\r\n@@ @^HELO.*\r\n@@}
STREAM::enable
event STREAM_MATCHED enable
}
when STREAM_MATCHED {
set mstring [STREAM::match]
log local0. "STREAM_MATCHED: string: $mstring"
if {$mstring starts_with "EHLO"} {
set replacment "EHLO $c-addr\r\n"
log local0. "STREAM_MATCHED: replacement string: $replacement"
STREAM::replace "$mstring/$replacment"
}
if {$mstring starts_with "HELO"} {
set replacment "HELO $c-addr\r\n"
log local0. "STREAM_MATCHED: replacement string: $replacement"
STREAM::replace "$mstring/$replacment"
}
event STREAM_MATCHED disable
}
when SERVER_DATA {
STREAM::disable
}
This is just an idea at this moment, and I won't be able to test the code until I find a suitable test environment for it; but for now, any comment is welcome as to if this will work at all and if yes what can be improved. Thanks.