cancel
Showing results for 
Search instead for 
Did you mean: 

iRule for TCP/SMTP and extract fields "MAIL FROM: "

andresneri1
Nimbostratus
Nimbostratus

I need a iRule to extract fields from "MAIL FROM:" in an SMTP traffic.

for example:

S->220 mail.mycompany.com Microsoft ESMTP MAIL Service ready ...

C->EHLO 172.16.1.100

S->250-mail.mycompany.com Hello [192.168.10.100]

S->250-SIZE 104857600

S->250-PIPELINING

S->250-DSN

S->250-ENHANCEDSTATUSCODES

S->250-STARTTLS

S->250-8BITMIME

S->250-BINARYMIME

S->250-CHUNKING

S->250 SMTPUTF8

C->MAIL FROM:<myuser@company.com>

S->250 2.1.0 Sender OK

C->RCPT TO:<otheruser@acme.com>

 

 

I tried with a first  step, log all payload  from Client, but it's not working.

I can't read any data from TCP::payload

when CLIENT_ACCEPTED {
TCP::collect 20
}
when CLIENT_DATA {
log local0. "Payload=[TCP::payload 20]"
TCP::release
}

the ltm log show only blank fields 

<iRuleSMTP> Payload=

I tried this, for the next step extract fields as user@domain.com  but is not working, the VS is Standard with TCP profile and port 25 

 

Can you help me with this ?

What are I doing wrong ?

1 ACCEPTED SOLUTION

There are a number iRule implementations of SMTP proxies. I have linked a couple below. I have also implemented a proxy for SMTP myself based on haproxy's proxy protocol. I linked another example as well.  That should give you plenty of guidance on how to read these headers. If you are still stuck after reading them, reach out.

SMTP Proxy - DevCentral (f5.com)
SMTP filter and forward proxy - DevCentral (f5.com)
Proxy Protocol Receiver - DevCentral (f5.com) 

View solution in original post

2 REPLIES 2

-- removed - wrong location -- 

There are a number iRule implementations of SMTP proxies. I have linked a couple below. I have also implemented a proxy for SMTP myself based on haproxy's proxy protocol. I linked another example as well.  That should give you plenty of guidance on how to read these headers. If you are still stuck after reading them, reach out.

SMTP Proxy - DevCentral (f5.com)
SMTP filter and forward proxy - DevCentral (f5.com)
Proxy Protocol Receiver - DevCentral (f5.com)