iRule to modify SMTP mail content

Apologies for the late response. Thanks for your help Seth & CJunior. The code that we've finally come up with looks like this:

when CLIENT_ACCEPTED { TCP::respond "220\r\n" log local0. "Request from [IP::client_addr]" TCP::collect 2048 } when CLIENT_DATA { set cdata [TCP::payload]

            log local0. "Received SMTP DATA..."
            log local0. "Received Data is ..."
            log local0. "<$cdata>"

            if { $cdata contains "Exchange2010R2" } {
                   log local0. "DATA contains Exchange..."
                   TCP::payload replace 0 [TCP::payload length] [string map {"Sent From:" "Sent From:\nExchange 2010 R2 Server\n"} [TCP::payload]]
           }
            TCP::release
            TCP::collect

}

This works absolutely fine when i try to send an email via TELNET using EHLO, MAIL FROM: commands etc. But the moment i send an email from Outlook (Exchange server), i encountered a few issues:

1. When the payload was less than 2048, the message was stuck in CLIENT_ACCEPTED and was never delivered to the server by F5.
2. When the payload is greater than 2048, the message goes into the CLIENT_DATA section. Can see the EHLO, MAIL FROM, RCPT TO printed in the logs. But the moment the DATA section comes up, i encounter a and the connection is closed there (the message has a lot of info in the DATA section). I dont see this after removing the iRule completely from F5.

Have been stuck with this for a long time now. 😞 Thanks in Advance, Ajay