SMTP Start TLS

Problem this snippet solves:

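Summary: This iRule lets SMTP clients use either clear text or TLS-encrypted communication on the same virtual server. The LTM starts the TLS handshake itself when it sees the "starttls" command in the SMTP conversation. Encryption is optional: a client that never sends "starttls" continues in clear text.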

Code :

when CLIENT_ACCEPTED {
    # Every SMTP session starts in clear text: switch client-side SSL off
    # until the client explicitly asks for it with STARTTLS.
    # NOTE(review): SSL::disable / SSL::enable presumably require a client SSL
    # profile on the virtual server -- confirm the profile is attached.
    SSL::disable

    # Per-connection flag: becomes 1 once the client has sent EHLO, which tells
    # SERVER_DATA that the server reply may need STARTTLS added to it.
    set ehlo 0
}
when SERVER_CONNECTED {
    # Hold the first bytes the server sends (presumably the SMTP greeting banner)
    # so that SERVER_DATA runs; that handler releases them and then arms
    # client-side collection for the first client command.
    TCP::collect
}
when CLIENT_DATA {
    # Inspects clear-text client commands gathered by TCP::collect. The payload is
    # lower-cased so that command matching is case-insensitive.
    # NOTE(review): matching runs on whatever bytes have arrived so far. A command
    # split across TCP segments would not match and would fall through to the
    # pass-through branch -- confirm whether buffering up to CRLF is needed.
    set lcpayload [string tolower [TCP::payload]]
    if { $lcpayload starts_with "ehlo" } {
        # Record that an EHLO is outstanding so SERVER_DATA knows the next server
        # reply is the one it may have to extend with STARTTLS.
        set ehlo 1
        # Arm server-side collection before forwarding, so the EHLO reply is held
        # for inspection; then forward the EHLO and keep watching the client.
        serverside { TCP::collect }
        TCP::release
        TCP::collect
    } elseif { $lcpayload starts_with "starttls" } {
        # The LTM answers STARTTLS itself; the command is never sent to the server.
        # NOTE(review): starts_with also accepts extra text after the keyword, and
        # the branch does not check that an EHLO was seen first -- confirm that
        # this leniency is acceptable.
        TCP::respond "220 Ready to start TLS\r\n"
        # Empty the whole collected payload, not just the STARTTLS line. Anything
        # the client sent in clear text in the same payload is dropped here, so
        # pre-handshake bytes are not forwarded as if they had arrived under TLS.
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        # From here on the client side is handled by SSL. No TCP::collect is
        # issued, so this handler does not look at the encrypted stream.
        SSL::enable
    } else {
        # Any other command is forwarded unchanged and stays in clear text; TLS is
        # opportunistic, not enforced. If policy requires encryption before AUTH or
        # MAIL, this is the branch where it would have to be enforced.
        # NOTE(review): no collect is re-armed here, and server-side collection is
        # only armed in the EHLO branch and in SERVER_CONNECTED, so inspection
        # appears to stop after the first command that is neither EHLO nor
        # STARTTLS. A later STARTTLS would then reach the server unmodified --
        # verify against the expected client behaviour.
        TCP::release
    }
}
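when SERVER_DATA {
    # Runs for server bytes held by a server-side TCP::collect: the greeting
    # banner (ehlo is still 0) and the reply to an EHLO (ehlo is 1).
    #
    # When the EHLO reply does not already offer STARTTLS, the keyword is added
    # so that clients know they may upgrade; the LTM then terminates TLS itself
    # in CLIENT_DATA.
    #
    # The keyword is inserted AFTER the first reply line. The first line of an
    # EHLO reply carries the server domain and greeting, not an extension, and
    # clients that skip it would never see a STARTTLS placed in front of it and
    # would silently stay in clear text. Replies that are not 250 (for example a
    # server that rejects EHLO) are left untouched, so no success line is put in
    # front of an error.
    #
    # NOTE(review): only the bytes collected so far are inspected; a reply that
    # spans several segments is checked on its first chunk only.
    if { $ehlo == 1 } {
        set reply [TCP::payload]
        set lcreply [string tolower $reply]
        # Offset of the CRLF that ends the greeting line, or -1 if not yet received.
        set eol [string first "\r\n" $reply]
        if { ($lcreply starts_with "250") and not($lcreply contains "starttls") and ($eol >= 0) } {
            set sep [string index $reply 3]
            if { $sep eq "-" } {
                # Multi-line reply: add STARTTLS as a continuation line right
                # after the greeting line.
                TCP::payload replace [expr { $eol + 2 }] 0 "250-STARTTLS\r\n"
            } elseif { $sep eq " " } {
                # Single-line reply: STARTTLS becomes the new final line, and the
                # greeting line is turned into a continuation line. The insert at
                # the higher offset is done first; the second edit swaps one byte
                # for one byte, so offsets stay valid.
                TCP::payload replace [expr { $eol + 2 }] 0 "250 STARTTLS\r\n"
                TCP::payload replace 3 1 "-"
            }
        }
    }
    # Forward the (possibly extended) reply, then watch for the next client command.
    TCP::release
    clientside { TCP::collect }
}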
Published Mar 18, 2015
Version 1.0