X-Forwarded Rule for SMTP

Hello All,

We have an SMTP virtual server on our f5 Big IP VE 13.1.0 platform. It works without any issues. However, we would like to add a feature. Effectively, the auto-SNAT means the server owners lose visibility of the real client source IP addresses. We would like to implement an SMTP equivalent of X-forwarded in the header & was wondering if anybody had experience of creating the necessary iRule for this please?

Thanks & Regards, Graham.

Comments on this Question
Comment made 3 months ago by Chase Abbott

Well.... I did do this with a pair of Ironports so to preserve source IP, we used the BIG-IP as the external gateway. This removed the need for SNAT, preserving source to destination. Worked great. Separate interfaces did the internal SMTP forwarding to Exchange CAS/Transport servers.

If you cannot do this for architectural reasons then I'll defer to the rest of the community. I haven't configured SMTP with SNAT to date.


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

There is an example of sending the client IP to the SMTP server: https://devcentral.f5.com/questions/irule-for-smtp-passing-client-ip-addr-to-backend-mail-servers

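when CLIENT_ACCEPTED {
    # Save the real client address before SNAT hides it from the server.
    # Underscore, not hyphen: "$c-addr" is parsed as "$c" followed by "-addr".
    set c_addr [IP::client_addr]
    log local0. "Client addr: $c_addr"
    # Match the client's EHLO/HELO line; the new value is built in STREAM_MATCHED.
    STREAM::expression {@^EHLO.*\r\n@@ @^HELO.*\r\n@@}
    STREAM::enable
}

when STREAM_MATCHED {
    set mstring [STREAM::match]
    log local0. "STREAM_MATCHED: string: $mstring"
    # Keep the first two characters ("EH" or "HE") and rebuild the line
    # with the client address as its argument.
    set replacement [string range $mstring 0 1]
    append replacement "LO $c_addr\r\n"
    log local0. "STREAM_MATCHED: replacement string: $replacement"
    # STREAM::replace takes only the new value for the current match.
    STREAM::replace $replacement
    # Rewrite only the first greeting on the connection.
    event STREAM_MATCHED disable
}

when SERVER_CONNECTED {
    STREAM::disable
}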
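The iRule above carries the client address in the EHLO/HELO argument, a field any sender that reaches the mail server directly can set itself, so the backend should only believe it on connections that arrive from the BIG-IP. The following is an added example, not part of the original thread, of that server-side check; the proxy address `10.0.0.5` and the function name `effective_client` are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: source address the backend sees for connections relayed by the
# BIG-IP (its SNAT / self IP). Constructed value for this example.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}

# One greeting line: verb, one argument, CRLF.
_GREETING = re.compile(rb"^(?:EHLO|HELO)[ \t]+(\S+)[ \t]*\r?\n$", re.IGNORECASE)


def effective_client(greeting: bytes, peer: str):
    """Return (ip, source) for an SMTP session.

    source is "helo" when the address was taken from a greeting rewritten by
    the trusted proxy, and "peer" when the TCP peer address is used instead.
    """
    peer_ip = ipaddress.ip_address(peer)
    # Direct connection: the greeting argument is sender-controlled, ignore it.
    if peer_ip not in TRUSTED_PROXIES:
        return str(peer_ip), "peer"

    m = _GREETING.match(greeting)
    if not m:
        return str(peer_ip), "peer"

    arg = m.group(1).decode("ascii", "replace")
    # Accept the bare form the iRule writes and bracketed address literals.
    if arg.startswith("[") and arg.endswith("]"):
        arg = arg[1:-1]
        if arg.lower().startswith("ipv6:"):
            arg = arg[5:]
    try:
        return str(ipaddress.ip_address(arg)), "helo"
    except ValueError:
        # Hostname or garbage: the rewrite did not happen, fall back to peer.
        return str(peer_ip), "peer"


if __name__ == "__main__":
    # Constructed greetings: one relayed by the proxy, one sent directly.
    print(effective_client(b"EHLO 203.0.113.7\r\n", "10.0.0.5"))
    print(effective_client(b"EHLO 203.0.113.7\r\n", "198.51.100.9"))
```

Logging the returned source alongside the address makes it visible when a relayed session arrived without the rewrite applied.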