Forum Discussion
mohammed_darwee
Nimbostratus
NimbostratusIrule need to replace FQDN in SMTP traffic EHLO Message
Hi All,
I need an iRule to fix the below issue please,
The issue is:
For the traffic coming from external servers i.e. Foreign MMSC towards the MM3/4 Inbound traffic Virtual Server on the F5 i.e. 10.117.5.80:25, then F5 is configure to route to MM3/4 Inbound pool and the pool members are: (10.117.5.75:10025, & 10.117.5.76:10025), then those two servers will process the traffic and route it to MM3/4 Outbound traffic Virtual Server on the F5 i.e. 10.117.5.81:10025, then F5 is configure to route to MM3/4 Outbound pool and the pool members is 10.99.64.36:25 i.e. final destination.
Use Case_1:
Source Destination Protocol INFO
1. 80.227.14.14 10.117.5.80 SMTP Command: HELO mms.mnc003.mcc424.gpr from external server to the F5
2. 10.117.5.79 10.117.5.75 SMTP Response: HELO mms.mnc003.mcc424.gprs from F5 to the internal server
3. 10.117.5.75 10.117.5.81 SMTP Response: EHLO pfm.etisalat.ae from From Internal Server to F5
4. 10.117.5.79 10.99.64.36 SMTP Command: EHLO pfm.etisalat.ae from From F5 to the destination
Use Case_2:
1. 195.12.14.9 10.117.5.80 SMTP Command: HELO www.xxx.zzz from external server to the F5
2. 10.117.5.79 10.117.5.75 SMTP Response: HELO www.xxx.zzz from F5 to the internal server
3. 10.117.5.75 10.117.5.81 SMTP Response: EHLO pfm.etisalat.ae from From Internal Server to F5
4. 10.117.5.79 10.99.64.36 SMTP Command: EHLO pfm.etisalat.ae from From F5 to the destination
Needed Action:
In Packet 4 need F5 to replace the FQDN from pfm.etisalat.ae to the original domain name i.e.
In Use Case_1: it should be: 10.117.5.79 10.99.64.36 SMTP Command: EHLO mms.mnc003.mcc424.gprs instead of pfm.etisalat.ae.
In Use Case_2: it should be: 10.117.5.79 10.99.64.36 SMTP Command: EHLO www.xxx.zzz instead of pfm.etisalat.ae.
Many thanks
Rgds
Mohamed
- The_BhattmanHi Mohamed,
Did you go the sample codeshare? There is a SMTP Proxy iRule that may work for you
http://devcentral.f5.com/wiki/default.aspx/iRules/SMTPProxy.html
I hope this helped
Bhattman 
Jon_Strabala_46Hello,
I was trying to get the http://devcentral.f5.com/wiki/default.aspx/iRules/SMTPProxy.html iRULE to work (it is also a default in the iRULE editor) and it seems that it hangs on outlook express. Of course without the iRULE every thing works find sending mail to port 25.
Any ideas on what is happening here (Note, the protocol seems to use HELO and so does the iRULE) ?
I haven't looked on the wire yet but eventually I will via something like wireshark
- Jon
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : 220 BIG-IP SMTP PROXY;
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) HELO SLINKYMALL
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : get helo
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(HELO)
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) MAIL FROM:
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : get from >
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(MAILFROM)
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) RCPT TO:
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : get rcpt >
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(RCPTTO)
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) DATA
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : get data
May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(2) HELO SLINKYMALL MAIL FROM: RCPT TO: DATA
May 13 08:10:41 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) <220 pls.mailserivce.com ESMTP server ready at Thu, 13 May 2010 11:06:54 -0700 (PDT) (qsi-v5) 250 pls.mailserivce.com Hello 123-47-61-225.static.btelecom.net [123.47.61.225], pleased to meet you 250 2.1.0 ... Sender ok 250 2.1.5 ... Recipient ok 354 Enter mail, end with "." on a line by itself >
May 13 08:10:41 local/tmm info tmm[1350]: Rule smtp_proxy : get data 220 <220 pls.mailserivce.com ESMTP server ready at Thu, 13 May 2010 11:06:54 -0700 (PDT) (qsi-v5) 250 pls.mailserivce.com Hello 123-47-61-225.static.btelecom.net [123.47.61.225], pleased to meet you 250 2.1.0 ... Sender ok 250 2.1.5 ... Recipient ok 354 Enter mail, end with "." on a line by itself >
** just hangs for two minutes **
May 13 08:12:42 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) <421 4.4.1 collect: unexpected close on connection from 123-47-61-225.static.btelecom.net, from= >
Nat_ThirasuttakornEmployee
Hi Mohamed,
I think you can use something like this...when SERVER_CONNECTED { clientside { TCP::collect } } when CLIENT_DATA { set p [string tolower [TCP::payload]] if { $p starts_with "rcpt to:" } { put you condition here, for example, only apply if there is @example if { $p contains "@example>" } { use stream profile or string manipulation or regexp here... } TCP::release } else { something else, let it be released to server TCP::release TCP::collect } }
Hi Jon,
Try this...
Natwhen CLIENT_ACCEPTED { set chelo "" set cfrom "" set crcpt "" TCP::respond "220\r\n" log local0. "client accepted" TCP::collect } when CLIENT_DATA { log local0. "payload: [TCP::payload]" set cdata [TCP::payload] if { [ string length $cdata ] <= 0 } { TCP::collect return } if { not ( $cdata contains "\r\n" ) } { log local0. "get <$cdata> so far" TCP::collect return } if { $cdata starts_with "HELO" || $cdata starts_with "EHLO" } { set chelo [TCP::payload] log local0. "get helo \[$cdata\]" TCP::respond "250 OK\r\n" TCP::payload replace 0 [string length $chelo] "" TCP::collect return } if { $cdata starts_with "MAIL FROM:" } { set cfrom [TCP::payload] log local0. "get from \[$cfrom\]" TCP::respond "250 OK\r\n" TCP::payload replace 0 [string length $cfrom] "" TCP::collect return } if { $cdata starts_with "RCPT TO:" } { set crcpt "$crcpt[TCP::payload]" log local0. "get rcpt \[$crcpt\]" TCP::respond "250 OK\r\n" TCP::payload replace 0 [string length [TCP::payload]] "" TCP::collect return } if { $cdata starts_with "DATA" } { log local0. "get data \[$cdata\]" TCP::payload replace 0 0 $chelo$cfrom$crcpt } TCP::release TCP::collect } when SERVER_CONNECTED { log "server connected" TCP::collect } when SERVER_DATA { log local0. "payload: [TCP::payload]" set sdata [TCP::payload] if { $sdata contains "\r\n354 " || $sdata starts_with "354 " || $sdata contains "354\r\n" } { log local0. "get resp \[$sdata\]" TCP::payload replace 0 [string length $sdata] "354 go ahead\r\n" TCP::release } else { TCP::collect } } when CLIENT_CLOSED { log local0. "client closed" }
