SMTP Start TLS
Problem this snippet solves:
Summary: This iRule allows either clear-text or TLS-encrypted SMTP sessions: it advertises STARTTLS in the server's EHLO reply when the back-end server does not, and the LTM starts the TLS handshake itself when it sees the client's STARTTLS command in the SMTP dialogue.
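As an added illustration that is not part of this code share, the following Python model mirrors the iRule's per-connection state (the ehlo flag, the client-side SSL switch and the collect/release handling of each event) and replays a constructed SMTP dialogue through it, so the bytes each side would receive can be checked without an LTM. The class, function and host names are assumptions made for the example.

```python
class StartTlsProxyModel:
    def __init__(self):
        self.ehlo = False            # CLIENT_ACCEPTED: set ehlo 0
        self.client_tls = False      # CLIENT_ACCEPTED: SSL::disable
        self.client_collect = False  # no client-side collect until the server greets
        self.server_collect = True   # SERVER_CONNECTED: TCP::collect
        self.to_client = []          # bytes the client receives, in wire order
        self.to_server = []          # bytes forwarded to the back-end, in wire order

    def client_data(self, payload):
        if not self.client_collect:  # CLIENT_DATA does not fire: pass through
            self.to_server.append(payload)
            return
        self.client_collect = False  # TCP::release
        lc = payload.lower()
        if lc.startswith(b"ehlo"):
            self.ehlo = True
            self.server_collect = True   # serverside { TCP::collect }
            self.client_collect = True   # TCP::collect
            self.to_server.append(payload)
        elif lc.startswith(b"starttls"):
            self.to_client.append(b"220 Ready to start TLS\r\n")  # TCP::respond
            self.client_tls = True       # SSL::enable (client side); command is dropped
        else:
            self.to_server.append(payload)

    def server_data(self, payload):
        if self.server_collect:          # SERVER_DATA fires only while collecting
            self.server_collect = False  # TCP::release
            if self.ehlo and b"starttls" not in payload.lower():
                payload = b"250-STARTTLS\r\n" + payload   # advertise the capability
            self.client_collect = True   # clientside { TCP::collect }
        self.to_client.append(payload)


def replay(dialogue):
    """Feed (side, bytes) pairs in wire order; side is 'C' (client) or 'S' (server)."""
    model = StartTlsProxyModel()
    for side, data in dialogue:
        (model.client_data if side == "C" else model.server_data)(data)
    return model


# Constructed sample session; the back-end server does not offer STARTTLS itself.
SAMPLE_DIALOGUE = [
    ("S", b"220 mx.example.test ESMTP\r\n"),
    ("C", b"EHLO client.example.test\r\n"),
    ("S", b"250-mx.example.test Hello\r\n250 SIZE 10240000\r\n"),
    ("C", b"STARTTLS\r\n"),
]
```

Replaying SAMPLE_DIALOGUE shows the STARTTLS command never reaching the server, the injected 250-STARTTLS line in the EHLO reply, and the 220 answer generated by the proxy; a HELO session or a server that already advertises STARTTLS leaves the reply untouched.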
Code :
when CLIENT_ACCEPTED {
    # Every session starts in clear text; TLS is enabled only after the
    # client sends STARTTLS.
    set ehlo 0
    SSL::disable
}

when SERVER_CONNECTED {
    # Collect the server greeting so SERVER_DATA fires for it.
    TCP::collect
}

when CLIENT_DATA {
    set lcpayload [string tolower [TCP::payload]]
    if { $lcpayload starts_with "ehlo" } {
        # Remember that the client used EHLO and collect the server's reply
        # so STARTTLS can be advertised in it.
        set ehlo 1
        serverside { TCP::collect }
        TCP::release
        TCP::collect
    } elseif { $lcpayload starts_with "starttls" } {
        # Answer on the server's behalf, drop the command so it never reaches
        # the server, then switch on the client-side SSL profile. SSL::enable
        # in a client-side event affects the client-side connection only; the
        # server-side connection stays clear text.
        TCP::respond "220 Ready to start TLS\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        SSL::enable
    } else {
        # Any other command passes through unchanged.
        TCP::release
    }
}

when SERVER_DATA {
    # Prepend a STARTTLS capability line to the EHLO reply if the server
    # did not advertise it itself.
    if { $ehlo == 1 and not([string tolower [TCP::payload]] contains "starttls") } {
        TCP::payload replace 0 0 "250-STARTTLS\r\n"
    }
    TCP::release
    clientside { TCP::collect }
}

Published Mar 18, 2015
Version 1.0
Nat_Thirasuttakorn
Employee
Joined September 25, 2004
3 Comments
- JG_249184
Altocumulus
Does this achieve end to end SMTP TLS? I am looking for a way to send secure all the way to the backend servers.
- MichaelJordan_1
Nimbostratus
Thanks. I'm gonna try this one. Fingers crossed...
- Sam_Novak
Altostratus
@MichaelJordan perhaps the iRule I just posted might solve your problem? My testing thus far is promising. https://devcentral.f5.com/s/articles/starttls-server-smtp-with-cleartext-and-starttls-client-support-1209