kraigk_52257
Mar 31, 2009 Nimbostratus
iRule for TLS SMTP encryption (Colin's code)
I'm trying to figure out how to implement this. So far I've had no success. I am currently terminating SSL/SMTP on port 465, which load balances to a pool on a non-standard port. That pool is Exchange 2007 Hub Transport servers. This works fine. When I try to use this rule and do the same with a client using SSL and port 587, I get nowhere. I have this VIP load balancing to the Hub Transport servers in a different pool/port. Has anyone used this successfully? It is a fine bit of code and it is killing me not to have it working.
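when CLIENT_ACCEPTED {
    # Start the client side in plaintext; SSL is enabled only after STARTTLS
    SSL::disable
}
when SERVER_CONNECTED {
    # Collect server-side data (the server's greeting)
    TCP::collect
}
when CLIENT_DATA {
    set lcpayload [string tolower [TCP::payload]]
    if { $lcpayload starts_with "ehlo" } {
        # Answer EHLO directly, advertising STARTTLS; the command is not forwarded
        TCP::respond "250-STARTTLS\r\n250 OK\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        TCP::collect
    } elseif { $lcpayload starts_with "starttls" } {
        # Acknowledge STARTTLS, discard the command, then enable SSL processing
        TCP::respond "220 Ready to start TLS\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        SSL::enable
    } else {
        # Reject any other command until STARTTLS has been issued
        TCP::respond "530 Must issue a STARTTLS command first\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        TCP::collect
    }
}
when SERVER_DATA {
    # Pass the server's data to the client, then start collecting client data
    TCP::release
    clientside { TCP::collect }
}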
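An added troubleshooting example, not part of the original post or of Colin's code: the rule above expects a plaintext banner, EHLO and STARTTLS before any TLS handshake, so this Python probe walks that sequence and names the step that fails. The function names, `probe.example` and `vip.example.test` are hypothetical placeholders.

```python
import socket
import ssl

def read_reply(rfile):
    """Read one SMTP reply (possibly multi-line); return (code, [text, ...])."""
    texts = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("peer closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        if len(line) < 4 or line[3] != "-":  # "250-..." continues, "250 ..." ends
            return int(line[:3]), texts

def probe_starttls(sock, ehlo_name="probe.example", tls_context=None, sni=None):
    """Walk banner -> EHLO -> STARTTLS (-> TLS); return (stage, detail).

    stage names the step that failed, or "tls-ready"/"tls-ok" on success.
    """
    rfile = sock.makefile("rb")
    code, texts = read_reply(rfile)
    if code != 220:
        return "banner", f"{code} {texts[-1]}"
    sock.sendall(f"EHLO {ehlo_name}\r\n".encode("ascii"))
    code, texts = read_reply(rfile)
    if code != 250:
        return "ehlo", f"{code} {texts[-1]}"
    if not any(t.upper().startswith("STARTTLS") for t in texts):
        return "ehlo", "250 reply does not advertise STARTTLS"
    sock.sendall(b"STARTTLS\r\n")
    code, texts = read_reply(rfile)
    if code != 220:
        return "starttls", f"{code} {texts[-1]}"
    if tls_context is None:
        return "tls-ready", texts[-1]  # plaintext phase verified only
    try:
        tls = tls_context.wrap_socket(sock, server_hostname=sni)
    except (ssl.SSLError, OSError) as exc:
        return "handshake", str(exc)
    return "tls-ok", tls.version()

if __name__ == "__main__":
    # Hypothetical VIP name; replace with the virtual server under test.
    with socket.create_connection(("vip.example.test", 587), timeout=10) as s:
        print(probe_starttls(s, tls_context=ssl.create_default_context(),
                             sni="vip.example.test"))
```

A result of `("banner", ...)` or `("ehlo", "530 ...")` points at the plaintext phase, while `("handshake", ...)` points at the SSL profile or certificate on the virtual server.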