Forum Discussion
Seann_16514
Nimbostratus
Nov 21, 2007
SMTP Proxy with TLS
Ok, so first some background on this. I have a project to set up a new email system that works with Messagelabs, and balance my sendmail servers behind an F5. The additional requirement is all SMTP is to be encrypted and sent using TLS certificates on SMTP port 25. Messagelabs does not support anything other than TCP port 25. In relation to the F5, the sendmail servers are on a different subnet, but desired/required to send all outbound mail through the F5 to route up to Messagelabs.
What my current tasks and goals are, is to take the F5 Codeshare SMTP proxy rule and get it to work with my Sendmail servers. I am having small issues with the response codes and so forth, but that is really kind of trivial. I am also having the code respond as if it were a sendmail server by expanding the SMTP code responses (FQDN stamp on the 250, a pleased to meet you with client IP injected, etc.) which are quick mods of the code. After getting that tweaked, I am planning on setting it up (for sake of simplicity) for the iRule to take and route mail based off of the client IP. Something simple like: if from Sendmail servers (1-3) go to this FQDN (would be too long if I listed IPs in this code) else if any other IPs go to Sendmail 1-3. This way the Sendmail boxes can be balanced with the incoming mail, and all mail is seen as coming from just the F5 VIP.
My two biggest hurdles are that if it goes to the Messagelabs site, it has to be TLS encrypted, so I need to have the F5 set up that channel on port 25 for outbound, and to relay the mail with the iRule effectively. I am not a programmer professionally, though I have been known to make really ugly code at home.
What I am polling for with this post, is to see if anyone out there in DevCentral land has done something like this, and if so, how/what was the best way they did it and what lessons learned were there? I am more curious because this particular issue left the poor support folk at the main F5 desk really confused, and I didn't even mention half of this in the request, I was just after a really generic way to get the sendmail servers to use the F5 as a smart host, but I digress. If there isn't anyone out there who has done something like this and can/will share, I will post my lessons learned and the working code I have come up with for this.
- Carl_Stone_1343
Nimbostratus
Hi, I unfortunately don't have an answer to this... but I have a very similar requirement.