Forum Discussion

JD1's avatar
JD1
Icon for Altostratus rankAltostratus
Jul 09, 2019

Sending HTML Emails via APM Email Action

Hi All,

 

Is it possible at all to send HTML emails (so to include an image in the email body) via the APM policy by default.

I see a few threads from years gone by where people were asking for this, but no solid answers.

 

Alternatively, without having the write out the entire SMTP conversation and instead leveraging the email options on F5, is it possible to iRule this in it's simplest form?

 

Many thanks,

 

JD

  • Hi JD,

     

    I was in the same situation sometime ago. Finally, ended up using iRule to send out HTML emails.

     

    I have tried using HTML tags in APM Email Agent in VPE (after creating an SMTP configuration object under System -> Configuration -> Device -> SMTP) but it treated the tags as message body text. So, no use.

     

    Anyways, I found iRule method much more flexible in terms of email design and HTML tags.

     

    Here a sample iRule to start with:

     

    ============================================================================================

    when RULE_INIT {

      set static::debug 1

    }

     

    when ACCESS_POLICY_AGENT_EVENT {

     if { [ACCESS::policy agent_id] eq "Login-Alert" } {

        log local0. "Agent triggered"

        set mailfrom "F5-BIG-IP@company.com"

        set mailserv "192.168.1.10:25"

         

        set response0 "<font face=calibri>Dear [ACCESS::session data get session.ad.last.attr.name]</font>"

        set response1 "<font face=calibri>Your account </font><font color=4455FA face=calibri>[ACCESS::session data get session.ad.last.attr.mail]</font> <font face=calibri>was used for login to Company Application.</font>"

        set response2 "<b><font face=calibri>Client Type:</b> [ACCESS::session data get session.client.type]</font>"

          set response3 "<b><font face=calibri>Client IP:</b> [ACCESS::session data get session.user.clientip]</font>"

        set response4 "<b><font face=calibri>Location:</b> [ACCESS::session data get session.user.ipgeolocation.state], [ACCESS::session data get session.user.ipgeolocation.country_name].</font>"

        

        set recipient "[ACCESS::session data get session.ad.last.attr.mail]"

     

        set conn [connect -timeout 3000 -idle 30 -status conn_status $mailserv]

     

        set data "HELO\r\nMAIL FROM: $mailfrom\r\nRCPT TO: $recipient\r\nDATA\r\nSUBJECT: Application Login Activity\r\nMIME-Version: 1.0;\r\nContent-Type: text/html;charset=iso-8859-1;\r\n\r\n\r\n$response<p>\r\n$response0</p><p>\r\n$response1</p><p>\r\n$response2</p><p>\r\n$response3</p><p>\r\n$response4</p>\r\n\r\n.\r\n"

        log local0. "helo done."

        set send_info [send -timeout 3000 -status send_status $conn $data]

        set recv_data [recv -timeout 3000 -status recv_status 393 $conn]

        log local0.info $recv_data

        close $conn

      }

    }

    ============================================================================================

     

    In the above example, you can change the underlined code as per your environment and the bold text is just the message text in between HTML tags and APM session variables (you can write your own text).

     

    Basically, this iRule sends out an email notification to the user who logs into the company application and it provides the following information in the message body:

     

    • The account which was used for authentication
    • Client browser type
    • Client IP
    • Client Geo Location

    All of this information is fetched from APM session variables.

     

    I hope this will help.

     

    Imran

  • It is now supported => https://support.f5.com/csp/article/K55045050

    "Beginning in BIG-IP APM 15.1.0, when you configure an access policy with the Email agent, the system sends email that contains the following content-type headers:

    • Content-Transfer-Encoding: 8bit
    • Content-Type: text/html; charset=UTF-8"

    So I tried this

    One-Time Password: <b> %{session.otp.assigned.val} </b><br><br>
    Expires after use OR in %{session.otp.assigned.ttl} seconds

     And it worked because the result was this

    Regards

  • Hi JD,

     

    I was in the same situation sometime ago. Finally, ended up using iRule to send out HTML emails.

     

    I have tried using HTML tags in APM Email Agent in VPE (after creating an SMTP configuration object under System -> Configuration -> Device -> SMTP) but it treated the tags as message body text. So, no use.

     

    Anyways, I found iRule method much more flexible in terms of email design and HTML tags.

     

    Here a sample iRule to start with:

     

    ============================================================================================

    when RULE_INIT {

      set static::debug 1

    }

     

    when ACCESS_POLICY_AGENT_EVENT {

     if { [ACCESS::policy agent_id] eq "Login-Alert" } {

        log local0. "Agent triggered"

        set mailfrom "F5-BIG-IP@company.com"

        set mailserv "192.168.1.10:25"

         

        set response0 "<font face=calibri>Dear [ACCESS::session data get session.ad.last.attr.name]</font>"

        set response1 "<font face=calibri>Your account </font><font color=4455FA face=calibri>[ACCESS::session data get session.ad.last.attr.mail]</font> <font face=calibri>was used for login to Company Application.</font>"

        set response2 "<b><font face=calibri>Client Type:</b> [ACCESS::session data get session.client.type]</font>"

          set response3 "<b><font face=calibri>Client IP:</b> [ACCESS::session data get session.user.clientip]</font>"

        set response4 "<b><font face=calibri>Location:</b> [ACCESS::session data get session.user.ipgeolocation.state], [ACCESS::session data get session.user.ipgeolocation.country_name].</font>"

        

        set recipient "[ACCESS::session data get session.ad.last.attr.mail]"

     

        set conn [connect -timeout 3000 -idle 30 -status conn_status $mailserv]

     

        set data "HELO\r\nMAIL FROM: $mailfrom\r\nRCPT TO: $recipient\r\nDATA\r\nSUBJECT: Application Login Activity\r\nMIME-Version: 1.0;\r\nContent-Type: text/html;charset=iso-8859-1;\r\n\r\n\r\n$response<p>\r\n$response0</p><p>\r\n$response1</p><p>\r\n$response2</p><p>\r\n$response3</p><p>\r\n$response4</p>\r\n\r\n.\r\n"

        log local0. "helo done."

        set send_info [send -timeout 3000 -status send_status $conn $data]

        set recv_data [recv -timeout 3000 -status recv_status 393 $conn]

        log local0.info $recv_data

        close $conn

      }

    }

    ============================================================================================

     

    In the above example, you can change the underlined code as per your environment and the bold text is just the message text in between HTML tags and APM session variables (you can write your own text).

     

    Basically, this iRule sends out an email notification to the user who logs into the company application and it provides the following information in the message body:

     

    • The account which was used for authentication
    • Client browser type
    • Client IP
    • Client Geo Location

    All of this information is fetched from APM session variables.

     

    I hope this will help.

     

    Imran

    • JD1's avatar
      JD1
      Icon for Altostratus rankAltostratus

      - Thank you for taking the time to reply and appreciate the answer.

      Unfortunately, that is the option I saw too but was trying to avoid.

       

      Feel an RFE should be raised for this, given it's such a seemingly standard function - I feel iRules should be reserved for more complicated or niche cases.