@Sam-Hall
Created April 23, 2020 03:42
F5 SMTPS STARTTLS iRule port 587 to 587 with SSL Bridging
when RULE_INIT {
    # Greeting the BIG-IP sends on connect, before any pool member is selected
    set static::stls_greeting_rsp "220 SMTP ESMTP Relay F5\r\n"
    # Reply sent to the client once the pool member has accepted STARTTLS
    set static::stls_ready_rsp "220 2.0.0 SMTP server ready\r\n"
}

when CLIENT_ACCEPTED {
    log local0. "Client connected: [IP::client_addr]"
    set starttls 0
    set client_ehlo ""
    # Both sides start in cleartext; SSL is enabled only after STARTTLS completes
    SSL::disable serverside
    SSL::disable clientside
    # Send an SMTP server greeting to get the ball rolling...
    TCP::respond $static::stls_greeting_rsp
    TCP::collect
}

when CLIENT_DATA {
    set payload [string tolower [TCP::payload]]
    log local0. "Client request: $payload"
    if { $payload starts_with "ehlo" or $payload starts_with "helo" } {
        # Store the initial EHLO for responding to email server greeting
        set client_ehlo [TCP::payload]
        TCP::payload replace 0 [TCP::payload length] ""
    } elseif { $payload starts_with "starttls" } {
        # Forward STARTTLS to the server; its 220 reply is handled in SERVER_DATA
        set starttls 1
        TCP::release
        return
    }
    # Keep collecting requests until we get the STARTTLS...
    set starttls 0
    TCP::release
    TCP::collect
}

when SERVER_CONNECTED {
    log local0. "Connected to server"
    TCP::collect
}

when SERVER_DATA {
    set payload [string tolower [TCP::payload]]
    log local0. "Server response: $payload"
    if { $payload starts_with "220" and $client_ehlo ne "" } {
        # Server is ready to accept the client's EHLO
        TCP::respond $client_ehlo
        # We don't want to send the server's greeting to the client
        TCP::payload replace 0 [TCP::payload length] ""
        set client_ehlo ""
    } elseif { $payload starts_with "220" and $starttls } {
        # If server gives a 220 response, then start SSL at both ends
        clientside { TCP::respond $static::stls_ready_rsp }
        TCP::payload replace 0 [TCP::payload length] ""
        TCP::release
        SSL::enable serverside
        SSL::enable clientside
        return
        # You're welcome!
    }
    # Any other server reply (e.g. the 250 EHLO response) is passed through unchanged
    TCP::release
    TCP::collect
}
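An added client-side probe (not part of the gist) for verifying that a virtual server running this iRule proxies the STARTTLS dialog correctly: it expects the BIG-IP greeting, confirms the pool member's EHLO reply advertises STARTTLS, sends STARTTLS, then completes a verified TLS handshake against the clientside certificate. The host name, port and HELO name are assumed values; the iRule only switches to TLS on the server's 220 reply, so a pool member that does not support STARTTLS makes the probe fail at that step.

```python
import socket
import ssl

def parse_reply(data: bytes):
    """Parse a (possibly multi-line) SMTP reply into (code, [text lines]).
    Returns None while the reply is incomplete (last line still uses '-')."""
    lines = [l for l in data.decode("ascii", errors="replace").split("\r\n") if l]
    if not lines or len(lines[0]) < 3:
        return None
    last = lines[-1]
    if len(last) > 3 and last[3] == "-":
        return None
    return int(lines[0][:3]), [l[4:] for l in lines]

def advertises_starttls(ehlo_lines):
    """True if the EHLO reply forwarded from the pool member offers STARTTLS."""
    return any(l.upper().startswith("STARTTLS") for l in ehlo_lines)

def read_reply(sock):
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
        parsed = parse_reply(buf)
        if parsed:
            return parsed

def expect(code, want, step):
    if code != want:
        raise RuntimeError(f"{step}: expected {want}, got {code}")

def check_starttls(host, port=587, helo="probe.example", timeout=10):
    """Walk greeting -> EHLO -> STARTTLS -> TLS -> EHLO through the BIG-IP.
    Returns (tls_version, peer certificate subject, post-TLS EHLO lines)."""
    ctx = ssl.create_default_context()  # verifies the clientside cert and host name
    with socket.create_connection((host, port), timeout=timeout) as raw:
        code, _ = read_reply(raw)
        expect(code, 220, "greeting")                     # iRule's stls_greeting_rsp
        raw.sendall(f"EHLO {helo}\r\n".encode())
        code, lines = read_reply(raw)
        expect(code, 250, "EHLO")                         # real server reply, passed through
        if not advertises_starttls(lines):
            raise RuntimeError("pool member does not offer STARTTLS")
        raw.sendall(b"STARTTLS\r\n")
        code, _ = read_reply(raw)
        expect(code, 220, "STARTTLS")                     # iRule's stls_ready_rsp
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(f"EHLO {helo}\r\n".encode())
            code, lines = read_reply(tls)
            expect(code, 250, "EHLO over TLS")
            tls.sendall(b"QUIT\r\n")
            return tls.version(), tls.getpeercert().get("subject"), lines
```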