Sylvain_Maitena
Jul 18, 2016

capture IP client on IMAP request

I used this iRule to insert the client IP in the HTTP header of the request to gather this information on my server:

    when HTTP_REQUEST {
        HTTP::header insert X-Forwarded-For [IP::client_addr]
    }

 

This works fine but now I need to do the same thing with IMAP/POP3 request.

 

Thanks in advance

 

9 Replies

  • Maybe this, assuming you just want to log the client IP.

     

    when CLIENT_ACCEPTED {
        # Log the client address on the LTM when the TCP connection is accepted
        log local0. "IMAP Connection from [IP::client_addr]"
    }

     

    • DevBabu

      Where do you want to log the IP, in the POP3/IMAP server or in LTM? If in LTM, you might want to use the above iRule. It's not possible for you to get client IP forwarded to server if you use SNAT for other protocols.

       

    • Sylvain_Maitena

      Hello,

       

      I want to log the client IP in the IMAP/POP3 server. And I don't use SNAT.

       

      Thank you for your time.

       

  • What is the IMAP/POP3 server type, which vendor, which version?

    In general DevBabu is right, HTTP has a nice option for this, but many other protocols don't. If you check with your IMAP/POP3 server vendor they might explain what they can do and then we can check if the LTM can assist. But it would be a first for me.

     

  • Hi Sylvain,

     

    I think it's a little bit too early to think in iRules.

     

    You should at first start to telnet to your POP3/IMAP Servers and find a proper way to pass and log some "Freetext" into the conversation without breaking the protocol conversation...

     

    Note: I'm pretty sure this test will already be a dead end, since POP3/IMAP doesn't support an EHLO/HELO-style command (like SMTP does) where you can STREAM insert and then log "Freetext" of your choice.

     

    Cheers, Kai

     

  • Hi,

     

    It is possible to log the IP address for Zimbra proxy IMAP:

     

    Mac:~ fred$ telnet 10.50.3.154 143
    Trying 10.50.3.154...
    Connected to 10.50.3.154.
    Escape character is '^]'.
    * OK IMAP4 ready
    A ID ("X-ORIGINATING-IP" "172.31.0.70")
    * ID ("NAME" "Zimbra" "VERSION" "8.6.0_GA_1153" "RELEASE" "20141215151116")
    A OK completed
    B login fred@mail.blabla.local blabla
    B OK [CAPABILITY IMAP4rev1 ACL BINARY CATENATE CHILDREN CONDSTORE ENABLE ESEARCH ESORT I18NLEVEL=1 ID IDLE LIST-EXTENDED LIST-STATUS LITERAL+ LOGIN-REFERRALS MULTIAPPEND NAMESPACE QRESYNC QUOTA RIGHTS=ektx SASL-IR SEARCHRES SORT THREAD=ORDEREDSUBJECT UIDPLUS UNSELECT WITHIN XLIST] LOGIN completed
    C select INBOX
    * 3 EXISTS
    * 0 RECENT
    * OK [UIDVALIDITY 1] UIDs are valid for this mailbox
    * OK [UIDNEXT 281] next expected UID is 281
    * FLAGS (\Answered \Deleted \Draft \Flagged \Seen $Forwarded $MDNSent Forwarded $Junk $NotJunk Junk JunkRecorded NonJunk NotJunk)
    * OK [PERMANENTFLAGS (\Answered \Deleted \Draft \Flagged \Seen $Forwarded $MDNSent Forwarded *)] junk-related flags are not permanent
    * OK [HIGHESTMODSEQ 660] modseq tracked on this mailbox
    C OK [READ-WRITE] SELECT completed
    D logout
    * BYE mail.msc.local Zimbra IMAP4rev1 server closing connection
    D OK LOGOUT completed
    Connection closed by foreign host.

     

    However, I do not know how to write the iRule ????

     

    when CLIENT_ACCEPTED {
        # Save the client address for use in the server-side events
        set client_addr [IP::client_addr]
        TCP::collect
    }

    when SERVER_CONNECTED {
        # Collect server-side payload so that SERVER_DATA fires
        TCP::collect
    }

    when SERVER_DATA {
        if { [TCP::payload] contains "* A ID" } {
            TCP::payload replace "* A /[X-ORIGINATING-IP/]" + $client_addr
            TCP::release
            clientside { TCP::collect }
        } else {
            TCP::release
            TCP::collect
        }
    }

     

    Thanks for the help

     

    fred
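
The ID exchange from the telnet session above, written as the logic a proxy in front of the IMAP server would apply to the server-to-client stream: wait for the greeting, send the `ID` command with the client address, and hide its reply from the client. This is an added Python example, not part of the thread and not an iRule; the `LB1` tag and the names `build_id_command` and `IdInjector` are assumptions made for illustration.

```python
import ipaddress

INJECT_TAG = b"LB1"  # hypothetical tag reserved for the proxy's own command


def build_id_command(client_addr: str) -> bytes:
    # ip_address() accepts only a literal IPv4/IPv6 address, so quotes or
    # CR/LF can never be spliced into the IMAP command line.
    addr = str(ipaddress.ip_address(client_addr)).encode()
    return INJECT_TAG + b' ID ("X-ORIGINATING-IP" "' + addr + b'")\r\n'


class IdInjector:
    """Filter for the server-to-client byte stream of one IMAP connection."""

    def __init__(self, client_addr: str):
        self.id_command = build_id_command(client_addr)
        self.state = "greeting"  # greeting -> awaiting_id_reply -> passthrough
        self.buf = b""
        self.greeting = b""

    def feed(self, data: bytes):
        """Take bytes read from the server; return (to_server, to_client)."""
        if self.state == "passthrough":
            return b"", data
        self.buf += data
        to_server = to_client = b""
        while b"\r\n" in self.buf and self.state != "passthrough":
            line, self.buf = self.buf.split(b"\r\n", 1)
            line += b"\r\n"
            if self.state == "greeting":
                if line.startswith(b"* OK"):
                    self.greeting = line  # held back until the ID is answered
                    to_server += self.id_command
                    self.state = "awaiting_id_reply"
                else:
                    # BYE or PREAUTH greeting: forward untouched, inject nothing
                    to_client += line
                    self.state = "passthrough"
            elif line.startswith(INJECT_TAG + b" "):
                # Tagged completion of our own ID: now release the greeting
                to_client += self.greeting
                self.state = "passthrough"
            # Any other line here is the untagged "* ID (...)" reply: dropped
        if self.state == "passthrough":
            to_client += self.buf  # flush bytes that followed the ID reply
            self.buf = b""
        return to_server, to_client
```

The greeting is held back until the server has answered the injected command, so the client cannot send `login` before the originating address has been recorded.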