aFlex to log mail from, to, on STARTTLS/TLS mails in ssl-proxy port
Hi, I'm new to this forum and to A10 aFlex.
Device: A10 Thunder 3030S
OS: 2.7.2-P11(build: 77)
I've configured an SMTP service in one VIP with two ports:
25 - SMTP
2530 - STARTTLS/TLS (port with ssl-client template in mode ssl-proxy)
and (for GDPR law) I need to log the IP, mail from, mail to, message ID, IP from, VIP, NAT, ... but when mail is sent with STARTTLS or TLS I can't do it.
How can I do it successfully?
The aFlex:
```tcl
# Script to capture the sender's source IP, the recipient, the sender and the message id
# 1539078849:09/10/2018-11:54:09] [<source_ip> <VIP_ip> <server_ip>] [<sender> <recipient(s)> <message id>]

# Default value for every logged field (:: variables are global)
when RULE_INIT {
    set ::cip "N/D"
    set ::cport "N/D"
    set ::vip "N/D"
    set ::vport "N/D"
    set ::fechahumana "N/D"
    set ::timestamp "N/D"
    set ::snat_ip "N/D"
    set ::snat_port "N/D"
    set ::sip "N/D"
    set ::sport "N/D"
    set ::remitente "N/D"
    set ::destinatario_s "N/D"
    set ::id_mensaje "N/D"
}

# Client side of the connection: client address and VIP
when CLIENT_ACCEPTED {
    set ::cip [IP::client_addr]
    set ::cport [TCP::client_port]
    set ::vip [IP::local_addr]
    set ::vport [TCP::local_port]
    set fecha [clock format [TIME::clock seconds] -format {%d/%m/%Y}]
    set hora [clock format [TIME::clock seconds] -format {%H:%M:%S}]
    set ::fechahumana "$fecha-$hora"
    set ::timestamp [TIME::clock seconds]
}

# Server side of the connection: source NAT address and real server
when SERVER_CONNECTED {
    TCP::collect
    set ::snat_ip [IP::local_addr]
    set ::snat_port [TCP::local_port]
    set ::sip [IP::server_addr]
    set ::sport [TCP::server_port]
    set fecha [clock format [TIME::clock seconds] -format {%d/%m/%Y}]
    set hora [clock format [TIME::clock seconds] -format {%H:%M:%S}]
    set ::fechahumana "$fecha-$hora"
    set ::timestamp [TIME::clock seconds]
}

# Client payload: extract MAIL FROM and RCPT TO, then write the log line
when CLIENT_DATA {
    set fecha [clock format [TIME::clock seconds] -format {%d/%m/%Y}]
    set hora [clock format [TIME::clock seconds] -format {%H:%M:%S}]
    set ::fechahumana "$fecha-$hora"
    set ::timestamp [TIME::clock seconds]
    set lcpayload [string tolower [TCP::payload]]
    regsub "\x0a" $lcpayload " " lcpayload
    #log local0.7 $lcpayload
    #log $lcpayload
    if { $lcpayload contains "mail from:" } {
        set ::remitente $lcpayload
        regsub "\r\n" $::remitente "" ::remitente
        regsub "\r" $::remitente "" ::remitente
        regsub "\n" $::remitente "" ::remitente
        regsub "mail from:" $::remitente "" ::remitente
        regsub " " $::remitente "" ::remitente
        set ::remitente [substr $::remitente 0 ">"]
    }
    if { $lcpayload contains "rcpt to:" } {
        set ::destinatario_s $lcpayload
        regsub "\r\n" $::destinatario_s "" ::destinatario_s
        regsub "\r" $::destinatario_s "" ::destinatario_s
        regsub "\n" $::destinatario_s "" ::destinatario_s
        regsub "rcpt to:" $::destinatario_s "" ::destinatario_s
        # strip the space from the recipient (the sender was cleaned above)
        regsub " " $::destinatario_s "" ::destinatario_s
        set ::destinatario_s [substr $::destinatario_s 0 ">"]
    }
    TCP::release
    serverside { TCP::collect }
    # if $lcpayload contains quit, log everything
    #if { $lcpayload contains "quit"} {
    log local0.7 "\[$::timestamp:$::fechahumana\] \[$::cip:$::cport $::vip:$::vport NAT:$::snat_ip:$::snat_port $::sip:$::sport\] \[$::remitente> $::destinatario_s> $::id_mensaje> \] "
    #}
}

# Server payload: take the message id from the "250 2.6.0 " reply
when SERVER_DATA {
    set fecha [clock format [TIME::clock seconds] -format {%d/%m/%Y}]
    set hora [clock format [TIME::clock seconds] -format {%H:%M:%S}]
    set ::fechahumana "$fecha-$hora"
    set ::timestamp [TIME::clock seconds]
    set lspayload [string tolower [TCP::payload]]
    if { $lspayload contains "250 2.6.0 " } {
        regsub "250 2.6.0 " $lspayload "" ::id_mensaje
        set ::id_mensaje [substr $::id_mensaje 0 ">"]
    }
    TCP::release
    clientside { TCP::collect }
}
```
Thanks for all
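The extraction the script above aims for, as an added Python example for offline testing (not part of the original post, and not aFlex code): it keeps state per connection, records every recipient, ignores message-body lines, and marks the point where STARTTLS or implicit TLS turns the stream into ciphertext, after which the envelope can only be read from the decrypted side. `Envelope`, `replay` and the sample dialogues are constructed for illustration; the `250 2.6.0 <id>` reply format is the one the post matches on.

```python
import re
MAIL_RE = re.compile(r"mail from:\s*<([^>]*)>", re.I)
RCPT_RE = re.compile(r"rcpt to:\s*<([^>]*)>", re.I)
MSGID_RE = re.compile(r"250 2\.6\.0 <([^>]*)>")  # reply format matched in the post

class Envelope:
    """State for ONE connection (hypothetical helper, not an aFlex API)."""
    def __init__(self):
        self.sender, self.rcpts, self.msgid = "N/D", [], "N/D"
        self.in_data = False      # between the 354 reply and the lone "."
        self.tls_pending = False  # client sent STARTTLS, 220 not seen yet
        self.opaque = False       # stream carries TLS records from here on

    def feed(self, side, data):
        # 0x16 is the TLS handshake record type: implicit TLS from the first byte
        if self.opaque or (side == "C" and data[:1] == b"\x16"):
            self.opaque = True
            return
        for line in data.decode("latin-1").splitlines():
            if side == "C":
                if self.in_data:  # body text must never reach the envelope
                    self.in_data = line != "."
                elif m := MAIL_RE.match(line):
                    self.sender, self.rcpts = m.group(1), []  # new transaction
                elif m := RCPT_RE.match(line):
                    self.rcpts.append(m.group(1))  # keep every recipient
                elif line.strip().upper() == "STARTTLS":
                    self.tls_pending = True
            elif self.tls_pending and line.startswith("220"):
                self.opaque = True  # server agreed: ciphertext follows
                return
            elif line.startswith("354"):
                self.in_data = True
            elif m := MSGID_RE.match(line):
                self.msgid = m.group(1)

def replay(dialogue):
    env = Envelope()
    for side, data in dialogue:  # side is "C" (client) or "S" (server)
        env.feed(side, data)
    return env

# Constructed sample dialogues (not captured traffic).
PLAIN = [
    ("C", b"MAIL FROM:<alice@example.test>\r\nRCPT TO:<bob@example.test>\r\n"
          b"RCPT TO:<carol@example.test>\r\nDATA\r\n"),
    ("S", b"250 2.1.0 OK\r\n250 2.1.5 OK\r\n250 2.1.5 OK\r\n354 send\r\n"),
    ("C", b"rcpt to:<spoof@example.test>\r\n.\r\n"),  # body line, ignored
    ("S", b"250 2.6.0 <msg-0001@example.test> Queued\r\n")]
STARTTLS = [("C", b"STARTTLS\r\n"), ("S", b"220 2.0.0 Ready to start TLS\r\n"),
            ("C", b"\x16\x03\x01\x00\x04abcd")]
```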