Sending HTML Emails via APM Email Action

JD1
Nimbostratus

Hi All,

 

Is it possible at all to send HTML emails (so as to include an image in the email body) via the APM policy by default?

I see a few threads from years gone by where people were asking for this, but no solid answers.

 

Alternatively, without having to write out the entire SMTP conversation and instead leveraging the email options on F5, is it possible to iRule this in its simplest form?

 

Many thanks,

 

JD

1 ACCEPTED SOLUTION

Imran_Abid
Altocumulus

Hi JD,

 

I was in the same situation some time ago. Finally, I ended up using an iRule to send out HTML emails.

I have tried using HTML tags in APM Email Agent in VPE (after creating an SMTP configuration object under System -> Configuration -> Device -> SMTP) but it treated the tags as message body text. So, no use.

Anyway, I found the iRule method much more flexible in terms of email design and HTML tags.

Here is a sample iRule to start with:

 

============================================================================================

when RULE_INIT {
  set static::debug 1
}

when ACCESS_POLICY_AGENT_EVENT {
  # Runs only for the iRule Event agent in the VPE whose ID is "Login-Alert"
  if { [ACCESS::policy agent_id] eq "Login-Alert" } {
    log local0. "Agent triggered"

    # Sender address and SMTP relay (host:port)
    set mailfrom "F5-BIG-IP@company.com"
    set mailserv "192.168.1.10:25"

    # HTML fragments for the message body, filled from APM session variables
    set response0 "<font face=calibri>Dear [ACCESS::session data get session.ad.last.attr.name]</font>"
    set response1 "<font face=calibri>Your account </font><font color=4455FA face=calibri>[ACCESS::session data get session.ad.last.attr.mail]</font> <font face=calibri>was used for login to Company Application.</font>"
    set response2 "<b><font face=calibri>Client Type:</b> [ACCESS::session data get session.client.type]</font>"
    set response3 "<b><font face=calibri>Client IP:</b> [ACCESS::session data get session.user.clientip]</font>"
    set response4 "<b><font face=calibri>Location:</b> [ACCESS::session data get session.user.ipgeolocation.state], [ACCESS::session data get session.user.ipgeolocation.country_name].</font>"

    # The recipient is the mail attribute of the user who just logged in
    set recipient "[ACCESS::session data get session.ad.last.attr.mail]"

    # Open a sideband connection to the SMTP server
    set conn [connect -timeout 3000 -idle 30 -status conn_status $mailserv]

    # SMTP commands, message headers and HTML body, sent as a single write
    set data "HELO\r\nMAIL FROM: $mailfrom\r\nRCPT TO: $recipient\r\nDATA\r\nSUBJECT: Application Login Activity\r\nMIME-Version: 1.0;\r\nContent-Type: text/html;charset=iso-8859-1;\r\n\r\n\r\n<p>\r\n$response0</p><p>\r\n$response1</p><p>\r\n$response2</p><p>\r\n$response3</p><p>\r\n$response4</p>\r\n\r\n.\r\n"
    log local0. "helo done."
    set send_info [send -timeout 3000 -status send_status $conn $data]

    # Read up to 393 bytes of server replies and log them
    set recv_data [recv -timeout 3000 -status recv_status 393 $conn]
    log local0.info $recv_data
    close $conn
  }
}

============================================================================================

 

In the above example, you can change the underlined code as per your environment and the bold text is just the message text in between HTML tags and APM session variables (you can write your own text).

 

Basically, this iRule sends out an email notification to the user who logs into the company application and it provides the following information in the message body:

 

  • The account which was used for authentication
  • Client browser type
  • Client IP
  • Client Geo Location

All of this information is fetched from APM session variables.

 

I hope this will help.

 

Imran
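
The iRule above places AD attributes directly into the SMTP commands and the HTML body. As an added example (not part of the original post and not F5 code), these plain Tcl helpers escape values for HTML and refuse envelope addresses that contain line breaks before the message is assembled. The proc names and sample values are hypothetical; inside an iRule the procs would be invoked with `call`.

```tcl
# Added example, not from the thread. Plain Tcl 8.4 (runs in tclsh).
# Proc names and sample values are hypothetical.

# Escape HTML-significant characters so a directory attribute such as a
# display name is rendered as text and cannot add markup to the body.
proc html_escape {value} {
    return [string map [list & "&amp;" < "&lt;" > "&gt;" \" "&quot;" ' "&#39;"] $value]
}

# Conservative mailbox check for the SMTP envelope: rejects CR, LF, spaces
# and angle brackets, which would otherwise end up inside MAIL FROM / RCPT TO.
proc safe_mailbox {addr} {
    return [regexp {^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$} $addr]
}

# Build headers plus HTML body as the DATA payload: CRLF line endings,
# dot-stuffed, terminated by the lone "." line.
proc build_message {from to subject html} {
    foreach addr [list $from $to] {
        if {![safe_mailbox $addr]} { error "mailbox rejected" }
    }
    # A header value must stay on one line.
    set subject [string map [list "\r" " " "\n" " "] $subject]
    set lines [list "From: <$from>" "To: <$to>" "Subject: $subject" \
        "MIME-Version: 1.0" "Content-Type: text/html; charset=UTF-8" ""]
    foreach line [split [string map [list "\r\n" "\n"] $html] "\n"] {
        # RFC 5321 transparency: a body line starting with "." gets one more.
        if {[string index $line 0] eq "."} { set line ".$line" }
        lappend lines $line
    }
    return "[join $lines "\r\n"]\r\n.\r\n"
}

# Constructed values standing in for APM session variables.
set name "Pat O'Brien <Ops> & Co"
set body "<p>Dear [html_escape $name]</p>\n<p>Your account was used for login.</p>"
puts [build_message "bigip@example.com" "user@example.com" "Application Login Activity" $body]

# An address carrying an embedded line break is refused before any SMTP I/O.
set bad "user@example.com\r\nextra"
if {[catch {build_message "bigip@example.com" $bad "Test" $body} err]} {
    puts "rejected: $err"
}
```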

3 REPLIES

- Thank you for taking the time to reply and appreciate the answer.

Unfortunately, that is the option I saw too but was trying to avoid.

 

Feel an RFE should be raised for this, given it's such a seemingly standard function - I feel iRules should be reserved for more complicated or niche cases.

Jad_Tabbara__J1
Cirrostratus

It is now supported => https://support.f5.com/csp/article/K55045050

"Beginning in BIG-IP APM 15.1.0, when you configure an access policy with the Email agent, the system sends email that contains the following content-type headers:

  • Content-Transfer-Encoding: 8bit
  • Content-Type: text/html; charset=UTF-8"

So I tried this

One-Time Password: <b> %{session.otp.assigned.val} </b><br><br>
Expires after use OR in %{session.otp.assigned.ttl} seconds

And it worked because the result was this:

[Image: Jad_Tabbara__J1_0-1644363725793.png]

Regards