Forum Discussion

mohammed_darwee
Mar 14, 2010

iRule needed to replace FQDN in SMTP traffic EHLO message

Hi All,

I need an iRule to fix the below issue please,

The issue is:

For the traffic coming from external servers, i.e. Foreign MMSC, towards the MM3/4 Inbound traffic Virtual Server on the F5, i.e. 10.117.5.80:25, the F5 is configured to route to the MM3/4 Inbound pool, whose pool members are 10.117.5.75:10025 and 10.117.5.76:10025. Those two servers will process the traffic and route it to the MM3/4 Outbound traffic Virtual Server on the F5, i.e. 10.117.5.81:10025, where the F5 is configured to route to the MM3/4 Outbound pool, whose pool member is 10.99.64.36:25, i.e. the final destination.

Use Case_1:

Source Destination Protocol INFO

1. 80.227.14.14 10.117.5.80 SMTP Command: HELO mms.mnc003.mcc424.gpr from external server to the F5
2. 10.117.5.79 10.117.5.75 SMTP Response: HELO mms.mnc003.mcc424.gprs from F5 to the internal server
3. 10.117.5.75 10.117.5.81 SMTP Response: EHLO pfm.etisalat.ae from internal server to F5
4. 10.117.5.79 10.99.64.36 SMTP Command: EHLO pfm.etisalat.ae from F5 to the destination

Use Case_2:

1. 195.12.14.9 10.117.5.80 SMTP Command: HELO www.xxx.zzz from external server to the F5
2. 10.117.5.79 10.117.5.75 SMTP Response: HELO www.xxx.zzz from F5 to the internal server
3. 10.117.5.75 10.117.5.81 SMTP Response: EHLO pfm.etisalat.ae from internal server to F5
4. 10.117.5.79 10.99.64.36 SMTP Command: EHLO pfm.etisalat.ae from F5 to the destination

Needed Action:

In packet 4, I need the F5 to replace the FQDN pfm.etisalat.ae with the original domain name, i.e.

In Use Case_1 it should be: 10.117.5.79 10.99.64.36 SMTP Command: EHLO mms.mnc003.mcc424.gprs instead of pfm.etisalat.ae.

In Use Case_2 it should be: 10.117.5.79 10.99.64.36 SMTP Command: EHLO www.xxx.zzz instead of pfm.etisalat.ae.

Many thanks

Rgds

Mohamed

3 Replies

  • Hi Mohamed,

    Did you go through the sample codeshare? There is an SMTP Proxy iRule that may work for you:

    http://devcentral.f5.com/wiki/default.aspx/iRules/SMTPProxy.html

    I hope this helped

    Bhattman

  • Hello,

    I was trying to get the http://devcentral.f5.com/wiki/default.aspx/iRules/SMTPProxy.html iRULE to work (it is also a default in the iRULE editor) and it seems that it hangs on Outlook Express. Of course without the iRULE everything works fine sending mail to port 25.

    Any ideas on what is happening here (note, the protocol seems to use HELO and so does the iRULE)?

    I haven't looked on the wire yet but eventually I will via something like Wireshark

    - Jon

    May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : 220 BIG-IP SMTP PROXY;
    May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) HELO SLINKYMALL
    May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : get helo
    May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(HELO)
    May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) MAIL FROM:
    May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : get from >
    May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(MAILFROM)
    May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) RCPT TO:
    May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : get rcpt >
    May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(RCPTTO)
    May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) DATA
    May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : get data
    May 13 08:10:35 local/tmm info tmm[1350]: Rule smtp_proxy : payload(2) HELO SLINKYMALL MAIL FROM: RCPT TO: DATA
    May 13 08:10:41 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) <220 pls.mailserivce.com ESMTP server ready at Thu, 13 May 2010 11:06:54 -0700 (PDT) (qsi-v5) 250 pls.mailserivce.com Hello 123-47-61-225.static.btelecom.net [123.47.61.225], pleased to meet you 250 2.1.0 ... Sender ok 250 2.1.5 ... Recipient ok 354 Enter mail, end with "." on a line by itself >
    May 13 08:10:41 local/tmm info tmm[1350]: Rule smtp_proxy : get data 220 <220 pls.mailserivce.com ESMTP server ready at Thu, 13 May 2010 11:06:54 -0700 (PDT) (qsi-v5) 250 pls.mailserivce.com Hello 123-47-61-225.static.btelecom.net [123.47.61.225], pleased to meet you 250 2.1.0 ... Sender ok 250 2.1.5 ... Recipient ok 354 Enter mail, end with "." on a line by itself >

    ** just hangs for two minutes **

    May 13 08:12:42 local/tmm info tmm[1350]: Rule smtp_proxy : payload(1) <421 4.4.1 collect: unexpected close on connection from 123-47-61-225.static.btelecom.net, from= >

  • Hi Mohamed,

    I think you can use something like this...

    
    # Start buffering client data once the server-side connection is up.
    when SERVER_CONNECTED {
        clientside { TCP::collect }
    }
    when CLIENT_DATA {
        # Lower-case copy of the buffered payload for case-insensitive matching.
        set p [string tolower [TCP::payload]]
        if { $p starts_with "rcpt to:" } {
            # put your condition here, for example, only apply if there is @example
            if { $p contains "@example>" } {
                # use stream profile or string manipulation or regexp here...
            }
            TCP::release
        } else {
            # something else, let it be released to server
            TCP::release
            TCP::collect
        }
    }
    

    Hi Jon,

    Try this...

    Nat

    
    # Greet the client from the BIG-IP itself, then buffer its commands.
    when CLIENT_ACCEPTED {
        set chelo ""
        set cfrom ""
        set crcpt ""
        TCP::respond "220\r\n"
        log local0. "client accepted"
        TCP::collect
    }
    when CLIENT_DATA {
        log local0. "payload: [TCP::payload]"
        set cdata [TCP::payload]
        if { [ string length $cdata ] <= 0 } {
            TCP::collect
            return
        }
        # Wait until at least one complete CRLF-terminated line has arrived.
        if { not ( $cdata contains "\r\n" ) } {
            log local0. "get <$cdata> so far"
            TCP::collect
            return
        }
        # HELO/EHLO, MAIL FROM and RCPT TO are stored, answered locally with
        # "250 OK" and removed from the payload instead of being forwarded.
        if { $cdata starts_with "HELO" || $cdata starts_with "EHLO" } {
            set chelo [TCP::payload]
            log local0. "get helo \[$cdata\]"
            TCP::respond "250 OK\r\n"
            TCP::payload replace 0 [string length $chelo] ""
            TCP::collect
            return
        }
        if { $cdata starts_with "MAIL FROM:" } {
            set cfrom [TCP::payload]
            log local0. "get from \[$cfrom\]"
            TCP::respond "250 OK\r\n"
            TCP::payload replace 0 [string length $cfrom] ""
            TCP::collect
            return
        }
        if { $cdata starts_with "RCPT TO:" } {
            set crcpt "$crcpt[TCP::payload]"
            log local0. "get rcpt \[$crcpt\]"
            TCP::respond "250 OK\r\n"
            TCP::payload replace 0 [string length [TCP::payload]] ""
            TCP::collect
            return
        }
        # At DATA, put the stored commands in front of the payload so the
        # server receives the whole envelope in one go.
        if { $cdata starts_with "DATA" } {
            log local0. "get data \[$cdata\]"
            TCP::payload replace 0 0 $chelo$cfrom$crcpt
        }
        TCP::release
        TCP::collect
    }
    when SERVER_CONNECTED {
        log "server connected"
        TCP::collect
    }
    when SERVER_DATA {
        log local0. "payload: [TCP::payload]"
        set sdata [TCP::payload]
        # Keep buffering server replies until a 354 shows up, then replace
        # everything buffered so far with a single 354 line for the client.
        if { $sdata contains "\r\n354 " ||
                $sdata starts_with "354 " ||
                $sdata contains "354\r\n" } {
            log local0. "get resp \[$sdata\]"
            TCP::payload replace 0 [string length $sdata] "354 go ahead\r\n"
            TCP::release
        } else {
            TCP::collect
        }
    }
    when CLIENT_CLOSED {
        log local0. "client closed"
    }
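
Added example, not part of any post above and not F5 code: a Python model of the EHLO rewrite the question asks for, taking the original HELO name as an input (the thread does not cover how the inbound and outbound connections are correlated). It buffers until a full CRLF-terminated line has arrived, leaves message bodies after DATA untouched, and refuses a replacement name containing anything but hostname characters, since that name was supplied by the external client; the class and method names are hypothetical.

```python
import re

# One DNS label and a dotted hostname built from it. Address literals such as
# [192.0.2.1] are deliberately not accepted in this sketch.
_LABEL = rb"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN_RE = re.compile(_LABEL + rb"(?:\." + _LABEL + rb")*")
_GREETING_RE = re.compile(rb"(EHLO|HELO)[ \t]+\S+", re.IGNORECASE)


class GreetingRewriter:
    """Rewrite the name in HELO/EHLO lines of a client-to-server SMTP stream."""

    def __init__(self, original_domain: bytes):
        # fullmatch() rejects CR, LF, spaces and a trailing newline, so the
        # client-supplied name cannot smuggle an extra SMTP command.
        if len(original_domain) > 255 or not _DOMAIN_RE.fullmatch(original_domain):
            raise ValueError("unsafe HELO domain")
        self.domain = original_domain
        self.buf = b""
        self.in_data = False

    def feed(self, chunk: bytes) -> bytes:
        """Take one TCP segment; return the bytes that can be forwarded now."""
        self.buf += chunk
        out = []
        while b"\r\n" in self.buf:  # only complete lines are inspected
            line, self.buf = self.buf.split(b"\r\n", 1)
            out.append(self._rewrite(line) + b"\r\n")
        return b"".join(out)

    def _rewrite(self, line: bytes) -> bytes:
        if self.in_data:
            # Message body: never touched; a lone "." ends it.
            if line == b".":
                self.in_data = False
            return line
        if line.strip().upper() == b"DATA":
            # Assumption: the server answers 354; BDAT is not handled here.
            self.in_data = True
            return line
        m = _GREETING_RE.match(line)
        if m:
            return m.group(1) + b" " + self.domain
        return line
```
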