Forum Discussion

andresneri1's avatar
andresneri1
Icon for Nimbostratus rankNimbostratus
Jul 22, 2022

iRule for TCP/SMTP and extract fields "MAIL FROM: "

I need a iRule to extract fields from "MAIL FROM:" in an SMTP traffic.

for example:

S->220 mail.mycompany.com Microsoft ESMTP MAIL Service ready ...

C->EHLO 172.16.1.100

S->250-mail.mycompany.com Hello [192.168.10.100]

S->250-SIZE 104857600

S->250-PIPELINING

S->250-DSN

S->250-ENHANCEDSTATUSCODES

S->250-STARTTLS

S->250-8BITMIME

S->250-BINARYMIME

S->250-CHUNKING

S->250 SMTPUTF8

C->MAIL FROM:<myuser@company.com>

S->250 2.1.0 Sender OK

C->RCPT TO:<otheruser@acme.com>

 

 

I tried with a first  step, log all payload  from Client, but it's not working.

I can't read any data from TCP::payload

when CLIENT_ACCEPTED {
TCP::collect 20
}
when CLIENT_DATA {
log local0. "Payload=[TCP::payload 20]"
TCP::release
}

the ltm log show only blank fields 

<iRuleSMTP> Payload=

I tried this, for the next step extract fields as user@domain.com  but is not working, the VS is Standard with TCP profile and port 25 

 

Can you help me with this ?

What are I doing wrong ?