Forum Discussion
NimbostratusiRule for TCP/SMTP and extract fields "MAIL FROM: "
I need a iRule to extract fields from "MAIL FROM:" in an SMTP traffic.
for example:
S->220 mail.mycompany.com Microsoft ESMTP MAIL Service ready ...
C->EHLO 172.16.1.100
S->250-mail.mycompany.com Hello [192.168.10.100]
S->250-SIZE 104857600
S->250-PIPELINING
S->250-DSN
S->250-ENHANCEDSTATUSCODES
S->250-STARTTLS
S->250-8BITMIME
S->250-BINARYMIME
S->250-CHUNKING
S->250 SMTPUTF8
C->MAIL FROM:<myuser@company.com>
S->250 2.1.0 Sender OK
C->RCPT TO:<otheruser@acme.com>
I tried with a first step, log all payload from Client, but it's not working.
I can't read any data from TCP::payload
when CLIENT_ACCEPTED {
TCP::collect 20
}
when CLIENT_DATA {
log local0. "Payload=[TCP::payload 20]"
TCP::release
}
the ltm log show only blank fields
<iRuleSMTP> Payload=
I tried this, for the next step extract fields as user@domain.com but is not working, the VS is Standard with TCP profile and port 25
Can you help me with this ?
What are I doing wrong ?
There are a number iRule implementations of SMTP proxies. I have linked a couple below. I have also implemented a proxy for SMTP myself based on haproxy's proxy protocol. I linked another example as well. That should give you plenty of guidance on how to read these headers. If you are still stuck after reading them, reach out.
SMTP Proxy - DevCentral (f5.com)
SMTP filter and forward proxy - DevCentral (f5.com)
Proxy Protocol Receiver - DevCentral (f5.com)
2 Replies
- Kevin_Davies
Nacreous
There are a number iRule implementations of SMTP proxies. I have linked a couple below. I have also implemented a proxy for SMTP myself based on haproxy's proxy protocol. I linked another example as well. That should give you plenty of guidance on how to read these headers. If you are still stuck after reading them, reach out.
SMTP Proxy - DevCentral (f5.com)
SMTP filter and forward proxy - DevCentral (f5.com)
Proxy Protocol Receiver - DevCentral (f5.com)
