Forum Discussion
NimbostratusiRules for enabling TLS in SMTP
Dear all,
Im deploying LTM for Exchange 2013 now. User had been succeed for using POP3 with SMTP relay configuration without TLS. But if we used TLS for the SMTP, it wont work. The mailbox configuration show report such "Your server doesn't support the encryption connection ...".
I had read https://devcentral.f5.com/articles/iruleology-ndashsmtp-start-tls and https://devcentral.f5.com/questions/smtp-starttls-irule, and try to used the iRules. But it won't work for my problem. Does anybody can help me what to do with this? I used the iRules on my SMTP virtual server.
I'm load balancing 4 SMTP server, and used port 25. User connection was NAT'ted using automap. For the VS, i'm using standard VS with no ClientSSL profile, port 25, and it was success for connection which not used TLS with this configuration.
Thanks before for the help.
Shaggy
2 Replies
mr_shaggy_17493And one more thing, when i try to telnet to the SMTP server, the result show : 220 **************************************************************************** *************************** I can not execute command "ehlo" though i can do telnet. Can anybody tell me regarding this result? Thanks before.
Nat_ThirasuttakornEmployee
Hi Mr.Shaggy,
to use the smtp starttls iRule, you may need to assign clientssl profile to the virtual. however, one thing to note, for the two smtp starttls iRule you mentioned, the first one support both starttls and non-starttls client. The second one is designed to enforce starttls, so if client does not support starttls, it may fail.
when your client is configured to use tls, it uses port 25, right? (if it use different port, it may not be starttls. it may be explicit ssl and you do not need the iRule)
Nat
