SMTP iApp Template - Early Release

Thanks for confirming my suspicions. That is correct; I only have Manager permissions for a specific partition.

One of our Administrators also tried to change the encryption settings on my behalf and got a similar error message. Is this error also caused by lack of permissions?

script did not successfully complete: ("external-monitor" unexpected argument
while executing
"tmsh::create [string range $args 7 end] "
("create" arm line 1)
invoked from within
"switch -exact -- [string range $args 0 5] {
create { tmsh::create [string range $args 7 end] }
modify { tmsh::modify [string r..."
(procedure "iapp_conf" line 14)
invoked from within
"iapp_conf create sys file external-monitor smtp_tls_eav source-path file:[create_eav_script tls_monitor_eav_script]"
invoked from within
"iapp_conf create ltm monitor external ${app}_smtp_tls_eav run [iapp_conf create sys file external-monitor smtp_tls_eav source-path file:[create_eav_..."

Hmm.. that error is new to me, the syntax of the command is correct. What version of BIG-IP are you running on?

We are running BIG-IP 12.1.0 Build 1.0.1447 HF1

Interesting... I am able to run the iApp just fine on a BIG-IP running 12.1.0. What happens if you try to create an external monitor from tmsh? At this point I would suggest opening a case to see what is going on.

create sys file external-monitor monitor_name source-path file:/config/monitors/some_file NOTE: Will need to create a file in the appropriate source-path, but goal is to figure out why it doesn't like "external-monitor" on your BIG-IP.

I'm on a VE; 12.1.2. build 0.0.249 Final

Can't deploy - get this message:

script did not successfully complete: (can't read "::app_health__monitor_body": no such variable while executing "set map " \"$::app_health__monitor_body\""" (procedure "create_monitor_message" line 5) invoked from within "create_monitor_message smtp_message_body" (procedure "configure_smtp" line 22) invoked from within "configure_smtp" line:522)

Tried manually importing the external monitors but that didn't help; using manually created Client SSL profile; running as an admin; SMTP message submitted (no auth).

Any suggestions on how to fix this?

P.S. Does work with No message submitted(no auth).

Hello Benjamin_gate, I believe i located the issue and this is resolved in rc8 of the smtp iapp, which i have now uploaded here. Please test out and let me know if you still run into this error.

Hi James, Yep! That's now working. Thanks. I have another question though.

Background * I've built my vSrv using your iApp to do SSL bridging on port 25 for four Exchange nodes (scenario 3 in your Deployment guide for this iApp).

• In order to not have it as an open relay, I followed this article.

   

• N.B. In order to add this iRule, I turned off strict edits on the iApp.

   

• The gist of how I added the explicit SNAT IP was to create a floating self-ip (because I have an HA pair) in the same range as my Exchange nodes, locked down to TCP port 25.

   

• Then in my iRule I used my own name for the data list of IPs and edited the iRule accordingly.

   

• I've built my receive connector on my Exchange nodes to accept network connections only from that floating self-ip (shown as green in diagram in the article)

   

Question

• My Exchange nodes are not coming online. No matter what monitor type I use - and I've left it with the 'No authentication, no message submitted' monitor - What am I missing?

On another SMTP vSrv I built using the SMTP iApp for my internal relay that has no SMTP encryption (scenario 1 on your Deployment guide), & without using the article cited above, and just having an open relay for internal servers, with the IPs of all F5 self-IPs in the Exchange receive connectors, the monitors come up.

Hey benjamin_gate, So a couple things to note in regards to your comment. 1. You can add custom iRules to be applied to the VS without disabling strict updates in the iApp by selecting advanced and then adding your iRules in the multichoice question labeled "Do you want to add any custom iRules to the SMTP virtual server?" 2. SSL Bridging as it currently stands in the iApp is meant to bridge tls on both client and server, where the server side tls is established directly (meaning no STARTTLS). This option is meant for the legacy port 465 (SMTPS) that establishes tls directly and does NOT use STARTTLS. The iApp currently does not bridge tls to a serverside port using tls by virtue of STARTTLS (25, 587). So the short answer is for port 25 you should select SSL offload and set up the SMTP server to not "require TLS" on the relay IP:port BIG-IP is using as pool members (at least when coming from BIG-IP).

I'd like to second the request to be able to add X-headers in an iRule.