Thanks to all in this thread I got SMTP TLS offloaded to our BIGIP! Works great.
I was frustrated for a bit though, the "stock" iRule in the codeshare did not work for me, best I could tell is that it would never match the payload on "starttls". Forgive me if my terminology is off, I am just a Windows guy 😉
I had this issue testing from telnet, which I figured is the way that telnet submits every character which would cause the match not to happen on the "s" and the rule would then release TCP. I was merely testing to try an "ehlo" and then "starttls" to see if I got a "not implemented" (i.e. it didn't work) or a "220 Ready to start TLS" response which meant it was working.
I then tried using the "checktls.com" receiver test to rule out the telnet issues, but that did not work either, which led me to believe there may be some SMTP sending servers out there that will not work with the stock iRule.
I ended up rearchitecting as such:
Good lord if someone can tell me how to post the code without the editor removing the spaces and carriage returns? I tried pasting from iRule editor, notepad, wordpad... I even watched the video but he didn't paste in any code he just typed it in...
If you want to see the iRule just let me know how to do it and I can post it...
Anyways I had also written a rule to mask SMTP server names, so that one SMTP server can be multiple greeting names through the BIGIP, and I had the same issue, I needed a "if { not ( $lcpayload contains "\r\n" ) } { return }" in order to get the BIGIP to "hold off" until there is a carriage return to do the string matching. At least that is how I think it is working. It wouldn't work without it in telnet or testing real SMTP servers with it.
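
The hold-until-CRLF behaviour described in the post above, modelled in Python as an added example; it is not the poster's iRule and not F5 code. The function names, the action labels and the 512-byte cap on held data (the SMTP command-line limit from RFC 5321) are assumptions made for illustration.

```python
# Added illustration: models the matching decision only, not BIG-IP behaviour.
MAX_LINE = 512  # assumed cap on held bytes (RFC 5321 command-line limit)
READY = "220 Ready to start TLS"


def naive_proxy(segments):
    """Match each TCP delivery on its own; release anything that is not STARTTLS."""
    actions = []
    for seg in segments:
        if seg.lower().startswith(b"starttls"):
            actions.append(READY)
        else:
            actions.append("release")  # bytes go to the backend unmatched
    return actions


def line_buffered_proxy(segments):
    """Hold bytes until a full CRLF-terminated line exists, then match it."""
    buf = b""
    actions = []
    for seg in segments:
        buf += seg
        while b"\r\n" in buf:
            line, buf = buf.split(b"\r\n", 1)
            if line.strip().lower() == b"starttls":
                actions.append(READY)
            else:
                actions.append("release")
        if buf:
            if len(buf) > MAX_LINE:
                # Never hold unbounded data while waiting for a CRLF.
                actions.append("reject")
                buf = b""
            else:
                actions.append("hold")
    return actions


# Constructed inputs: telnet-style one byte per delivery, and a whole line.
TELNET = [bytes([b]) for b in b"starttls\r\n"]
WHOLE = [b"STARTTLS\r\n"]

if __name__ == "__main__":
    print("naive, telnet:   ", naive_proxy(TELNET))
    print("buffered, telnet:", line_buffered_proxy(TELNET))
    print("naive, whole:    ", naive_proxy(WHOLE))
```
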