aFlex for log mail from, to, on STARTTLS/TLS mails in ssl-proxy port

This topic contains 0 replies, has 1 voice, and was last updated by alberto 5 months ago.

  • #16432
    alberto
    Member

    Hi, I’m new to this forum and to A10 aFleX.

    Device: A10 Thunder 3030S
    OS: 2.7.2-P11(build: 77)
    I’ve configured a SMTP service in one VIP with two ports:
    25 – SMTP
    2530 – STARTTLS/TLS (port with ssl-client template in mode ssl-proxy)
    and (for GDPR law) I need to log the IP, mail from, mail to, message ID, IP from, VIP, NAT,… but when mail is sent with STARTTLS or TLS I can’t do it.

    How can I do it successfully?

    The aflex:

    # Script to capture the sender's source IP, the recipient, the sender and the message ID
    # [1539078849:09/10/2018-11:54:09] [<source_ip> <VIP ip> <server ip>] [<sender> <recipient/s> <message id>]
    when RULE_INIT {
        set ::cip "N/D"
        set ::cport "N/D"
        set ::vip "N/D"
        set ::vport "N/D"
        set ::fechahumana "N/D"
        set ::timestamp "N/D"
        set ::snat_ip "N/D"
        set ::snat_port "N/D"
        set ::sip "N/D"
        set ::sport "N/D"  
        set ::remitente "N/D" 
        set ::destinatario_s "N/D" 
        set ::id_mensaje "N/D"
    }
    
    when CLIENT_ACCEPTED {
        set ::cip [IP::client_addr]
        set ::cport [TCP::client_port]
        set ::vip [IP::local_addr]
        set ::vport [TCP::local_port]
        set fecha [clock format [TIME::clock seconds] -format {%d/%m/%Y}]
        set hora [clock format [TIME::clock seconds] -format {%H:%M:%S}]
        set ::fechahumana "$fecha-$hora"
        set ::timestamp [TIME::clock seconds]
    }
    
    when SERVER_CONNECTED {
        TCP::collect
        set ::snat_ip [IP::local_addr]
        set ::snat_port [TCP::local_port]
        set ::sip [IP::server_addr]
        set ::sport [TCP::server_port]    
        set fecha [clock format [TIME::clock seconds] -format {%d/%m/%Y}]
        set hora [clock format [TIME::clock seconds] -format {%H:%M:%S}]
        set ::fechahumana "$fecha-$hora"
        set ::timestamp [TIME::clock seconds] 
    }
    when CLIENT_DATA {
        set fecha [clock format [TIME::clock seconds] -format {%d/%m/%Y}]
        set hora [clock format [TIME::clock seconds] -format {%H:%M:%S}]
        set ::fechahumana "$fecha-$hora"
        set ::timestamp [TIME::clock seconds]
        set lcpayload [string tolower [TCP::payload]]
        regsub "\x0a" $lcpayload " " lcpayload
        #log local0.7 $lcpayload
        #log $lcpayload
        if { $lcpayload contains "mail from:" } {
            set ::remitente $lcpayload
            regsub "\r\n" $::remitente "" ::remitente
            regsub "\r" $::remitente "" ::remitente
            regsub "\n" $::remitente "" ::remitente
            regsub "mail from:" $::remitente "" ::remitente
            regsub " " $::remitente "" ::remitente
            set ::remitente [substr $::remitente 0 ">"]
        }   
        if { $lcpayload contains "rcpt to:" } {
            set ::destinatario_s $lcpayload
            regsub "\r\n" $::destinatario_s "" ::destinatario_s
            regsub "\r" $::destinatario_s "" ::destinatario_s
            regsub "\n" $::destinatario_s "" ::destinatario_s
            regsub "rcpt to:" $::destinatario_s "" ::destinatario_s
            # strip the space from the recipient (this line previously modified ::remitente)
            regsub " " $::destinatario_s "" ::destinatario_s
            set ::destinatario_s [substr $::destinatario_s 0 ">"]
        }
        TCP::release 
        serverside { TCP::collect }
        # if $lcpayload contains quit, log everything
        #if { $lcpayload contains "quit"} {
            log local0.7 "\[$::timestamp:$::fechahumana\] \[$::cip:$::cport $::vip:$::vport NAT:$::snat_ip:$::snat_port $::sip:$::sport\] \[$::remitente> $::destinatario_s> $::id_mensaje> \] "
        #}
    }
    when SERVER_DATA {
        set fecha [clock format [TIME::clock seconds] -format {%d/%m/%Y}]
        set hora [clock format [TIME::clock seconds] -format {%H:%M:%S}]
        set ::fechahumana "$fecha-$hora"
        set ::timestamp [TIME::clock seconds]
        set lspayload [string tolower [TCP::payload]]
        if { $lspayload contains "250 2.6.0 " } {
            regsub "250 2.6.0 " $lspayload "" ::id_mensaje
            set ::id_mensaje [substr $::id_mensaje 0 ">"]
        }
        TCP::release
        clientside { TCP::collect }
    }

    Thanks for all
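
Added example (not part of the original post, and not A10 or aFleX code): an offline Python model of the envelope extraction the script above attempts, run over a constructed SMTP dialogue. It tracks the DATA phase so body lines are not mistaken for commands, collects every RCPT TO, and reports the point where a STARTTLS go-ahead turns the rest of a raw TCP stream into ciphertext; `parse_session`, `SAMPLE` and the host names are assumptions.

```python
import re

# Constructed sample dialogue: "C" = client line, "S" = server line.
SAMPLE = [
    ("S", "220 mx.example.test ESMTP"),
    ("C", "EHLO client.example.test"),
    ("S", "250 STARTTLS"),
    ("C", "MAIL FROM:<Alice@Example.test> SIZE=1024"),
    ("S", "250 2.1.0 Sender OK"),
    ("C", "RCPT TO:<bob@example.test>"),
    ("C", "rcpt to: <carol@example.test>"),
    ("C", "DATA"),
    ("S", "354 Start mail input"),
    ("C", "MAIL FROM:<spoof@example.test>"),   # body text, not a command
    ("C", "."),
    ("S", "250 2.6.0 <abc123@mx.example.test> Queued mail for delivery"),
    ("C", "QUIT"),
]

ADDR = re.compile(r"^(mail from|rcpt to):\s*<([^>]*)>", re.I)
MSGID = re.compile(r"^250 2\.6\.0 <([^>]+)>")

def parse_session(lines):
    """Return (envelope records, True if the stream turned into TLS)."""
    records, cur, in_data, starttls_sent = [], None, False, False
    for side, line in lines:
        if side == "C" and in_data:
            in_data = line != "."      # body lines are never commands
            continue
        m = ADDR.match(line) if side == "C" else MSGID.match(line)
        if side == "C":
            if m and m.group(1).lower() == "mail from":
                cur = {"from": m.group(2).lower(), "to": [], "id": "N/D"}
            elif m and cur is not None:
                cur["to"].append(m.group(2).lower())
            elif line.upper() == "STARTTLS":
                starttls_sent = True
        elif line.startswith("354"):
            in_data = True
        elif starttls_sent and line.startswith("220"):
            return records, True       # everything after this is ciphertext
        elif m and cur is not None:
            cur["id"] = m.group(1)     # id from the "250 2.6.0 <id>" reply
            records.append(cur)
            cur = None
    return records, False

if __name__ == "__main__":
    print(parse_session(SAMPLE))
```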
