cancel
Showing results for 
Search instead for 
Did you mean: 

F5 Device SMTP Server Config and TLS

JustCooLpOOLe
Cirrocumulus
Cirrocumulus

Hi,

 

I'm trying to configure the SMTP server within Device -> Configuration -> SMTP but apparently it wants to communicate via TLSv1 which is an issue as the mail relay server that I have to use only allows TLSv1.2, obviously. Is there any variables that can be changed to make this connection want to use TLSv1.2 rather than TLSv1?

 

Thanks in advance on any guidance!

6 REPLIES 6

JustCooLpOOLe
Cirrocumulus
Cirrocumulus

bump

From what I read the F5 uses Linux SSMTP email client to generate emails and it is very limited. You can check for Linix SSMTP options to specify TLS1.2 but I couldn't find them for 20 minutes so you may need to look for hours if it is possible https://support.f5.com/csp/article/K13180 .

 

 

 

Better configure your syslog or SIEM server that the F5 sends the logs to do the email generation.

So I'm trying to use APM to generate an email that provides a OTP to a user based on their email address found via AD Query. I may just have to pose the question to support to see if there is a db variable that controls that.

 

SSMTP (i.e. mailhub) seems to act differently than the GUI version which is odd.

JustCooLpOOLe
Cirrocumulus
Cirrocumulus

I did find this: https://support.f5.com/csp/article/K72681151

 

😱

That seems bad 😞

 

If they say it is not a bug but a feature that in the future tey will add I sugest trying with the SIEM or syslog server. You may generate a custom log in /var/log/apm with the Access policy logging agent and then when the log is send to the SIEM/syslog server they will generate email:

 

 

https://support.f5.com/csp/article/K13595

 

 

 

F5 HSL logging to SIEM or syslog:

 

 

https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-imple...

 

 

 

You also use SNMP station/server with F5 traps but it is harder:

 

 

https://support.f5.com/csp/article/K3727

 

https://support.f5.com/csp/article/K51341580

Maybe looking at iRulesLX could help you solve your issue. There are a couple of code snippets available here on devcentral for sending OTP via sendgrid. Take a look here:

https://devcentral.f5.com/s/articles/send-otp-via-sendgridemail-api-1181

 

I think it is not a 100% ready-made solution for your issue, but a starting point.

 

Ssmtp is... limited in terms of security.