Andrea
Sep 26, 2017 (Nimbostratus)
Re-encrypting mail traffic: add server-side SSL
We are on BIG-IP version 12.1.2, trying to decrypt mail traffic and then re-encrypt it. When we offload traffic, mail flows fine, but when it connects to the backend server it changes the header. So we wanted to re-encrypt the traffic on the F5 and then pass the encrypted traffic to the backend mail server. When I add the server-side SSL on the BIG-IP it stops all traffic. F5 support gave me this iRule, but it still doesn't seem to work; still no traffic is flowing. Here is the iRule below. Can anyone see my issue?
when CLIENT_ACCEPTED {
    log local0. "client accepted"
    # Keep the server side in cleartext until STARTTLS has been negotiated
    SSL::disable serverside
}
when SERVER_CONNECTED {
    TCP::collect
}
when SERVER_DATA {
    log local0. "server payload: [string tolower [TCP::payload]]"
    set payload [string tolower [TCP::payload]]
    if { $payload contains "220" and $payload contains "esmtp" } {
        # Greeting banner seen: respond with an EHLO to the server
        TCP::respond "EHLO domain.com\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        log local0. "responded to server with EHLO"
        serverside { TCP::collect }
    } elseif { $payload contains "250-starttls" or $payload contains "250 starttls" } {
        # STARTTLS may be a continuation line (250-) or the final line (250 ) of the EHLO reply;
        # respond with a STARTTLS to the server
        TCP::respond "STARTTLS\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        log local0. "Sent the server a STARTTLS"
        serverside { TCP::collect }
    } elseif { $payload contains "220 2.0.0 ready to start tls" } {
        # Server accepted STARTTLS: start the SSL profile with the server
        log local0. "server said he is ready for TLS, enable the SSL profile"
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        serverside { SSL::enable }
    }
}
when SERVERSSL_HANDSHAKE {
    log local0. "SSL handshake completed."
    # Only now greet the client, so its commands reach the server inside TLS
    clientside { TCP::respond "220 SMTP server ready\r\n" }
    SSL::collect
}
when SERVERSSL_DATA {
    log local0. "server SSL payload: [SSL::payload]"
    SSL::release
    SSL::collect
}
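The SMTP exchange the iRule drives toward the backend, as an added example that is not part of the original post or of F5's code: a small client-side STARTTLS state machine in Python that waits for the 220 banner, sends EHLO, looks for a STARTTLS capability in the EHLO reply, sends STARTTLS, and treats the server's 220 reply as the point where the socket is handed to TLS. Unlike a substring match on one TCP payload, it parses reply lines, so it accepts STARTTLS both as a `250-` continuation line and as the final `250 ` line, and it buffers across segment boundaries. The hostname domain.com, the server transcript and the function names are assumptions made for the example.

```python
import re
import ssl

# SMTP reply line: 3-digit code, then "-" (more lines follow) or " " (last line)
REPLY_LINE = re.compile(rb"^(\d{3})([ -])(.*)$")


class StartTlsClient:
    """Drives the cleartext part of an SMTP session up to STARTTLS.

    feed() takes whatever bytes arrived from the server (segments may split
    or join reply lines) and returns the bytes that must be sent back.
    """

    def __init__(self, helo_name=b"domain.com"):  # assumed placeholder name
        self.helo_name = helo_name
        self.state = "BANNER"  # BANNER -> EHLO -> STARTTLS -> TLS
        self.buf = b""
        self.ehlo_lines = []

    def feed(self, data):
        if self.state == "TLS":
            raise RuntimeError("STARTTLS accepted; later bytes belong to the TLS handshake")
        self.buf += data
        out = b""
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            m = REPLY_LINE.match(line)
            if not m:
                raise ValueError("malformed SMTP reply line: %r" % line)
            code, sep, text = m.groups()
            if self.state == "EHLO":
                self.ehlo_lines.append(text)
            if sep == b"-":
                continue  # continuation line; the reply is not complete yet
            out += self._on_reply(code)
        return out

    def _offers_starttls(self):
        # Keywords are case-insensitive; the first EHLO line is the server name
        return any(l.split(None, 1)[0].upper() == b"STARTTLS"
                   for l in self.ehlo_lines if l.strip())

    def _on_reply(self, code):
        if self.state == "BANNER":
            if code != b"220":
                raise RuntimeError("server refused the session: " + code.decode())
            self.state = "EHLO"
            return b"EHLO " + self.helo_name + b"\r\n"
        if self.state == "EHLO":
            if code != b"250":
                raise RuntimeError("EHLO rejected: " + code.decode())
            if not self._offers_starttls():
                # Fail closed rather than continue in cleartext
                raise RuntimeError("server does not offer STARTTLS")
            self.state = "STARTTLS"
            return b"STARTTLS\r\n"
        if self.state == "STARTTLS":
            if code != b"220":
                raise RuntimeError("STARTTLS rejected: " + code.decode())
            self.state = "TLS"
            return b""  # nothing more in cleartext; start the TLS handshake now
        raise AssertionError("unexpected state " + self.state)


def upgrade_socket(sock, server_hostname):
    """Hand a socket whose StartTlsClient reached state TLS to the TLS layer,
    with certificate and hostname verification on (the equivalent of a
    server-SSL profile that verifies the backend certificate)."""
    ctx = ssl.create_default_context()
    return ctx.wrap_socket(sock, server_hostname=server_hostname)


# Constructed server transcript (not a capture), deliberately split into
# segments that cut through a line, the way TCP delivery may.
SERVER_SEGMENTS = [
    b"220 mail.example.com ESMTP Post",
    b"fix\r\n",
    b"250-mail.example.com\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n",
    b"250 STARTTLS\r\n",  # STARTTLS as the final line, not a 250- line
    b"220 2.0.0 Ready to start TLS\r\n",
]


def run_demo(segments=SERVER_SEGMENTS):
    """Feed the transcript through the state machine; return the final state
    and the cleartext messages the client sent."""
    client = StartTlsClient()
    sent = []
    for seg in segments:
        reply = client.feed(seg)
        if reply:
            sent.append(reply)
    return client.state, sent


if __name__ == "__main__":
    print(run_demo())
```

Once `feed()` has moved the state to TLS, no further cleartext may be sent or parsed on that socket; the caller wraps it with `upgrade_socket()` and continues the SMTP dialogue (a fresh EHLO first) inside the TLS session. Refusing to proceed when STARTTLS is not offered is deliberate: a middlebox that strips the capability would otherwise downgrade the session silently.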