Forum Discussion

khansafdarali1_
Aug 08, 2017

Unable to see the source IP address on SMTP VIP pool members.

We created a VIP (SMTP port 25) called cloudmail.freddiemac.com. The VIP pool members are Cisco IronPort gateways, which will be used for email security. We are unable to see the source IP address of the client because we have turned on automap. When we tried with automap disabled, the VIP was not working because of asynchronous routing issues. My questions are:

  • Is there a way we can see the source IP address?
  • Is there a way to see the source IP address with automap disabled?
  • Can we implement X-Forwarded-For in SMTP?
  • Will it work if the IronPort gateway is changed to the floating IP address of the F5 LTM? Currently it is pointing to a switch.

 

1 Reply

  • The ideal configuration for back end servers is for their default route to take traffic back through the BIG-IP system so that the destination address/port translation that occurred on the inbound traffic can be "undone" on the outbound traffic. You can use the BIG-IP system's floating self IP address on the VLAN where your SMTP servers are as the default gateway for the servers. That will preserve the original client's IP address in the source field so that it is visible to the SMTP servers. SNAT (source address translation) is only required if, for whatever reason, you are unable to set the BIG-IP system as the server's default route.

     

    X-Forwarded-For is an HTTP header only - not available in SMTP. See Kevin Stewart's response to a similar question here: https://devcentral.f5.com/questions/smtp-support-with-x-forwarded-for-in-one-armed-deployment
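
A simplified model of the return path described in the reply above, added here as an illustration and not part of the original thread. It traces one connection under automap, under no SNAT with the server's gateway left on a switch, and under no SNAT with the gateway set to the BIG-IP floating self IP; all addresses and names are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed lab addresses (documentation/private ranges), not taken from the thread.
CLIENT = ip_address("203.0.113.10")
VIP = ip_address("198.51.100.25")             # SMTP virtual server, port 25
SERVER_VLAN = ip_network("10.0.0.0/24")
BIGIP_FLOATING_SELF = ip_address("10.0.0.1")  # BIG-IP floating self IP on the server VLAN
SWITCH = ip_address("10.0.0.254")             # any other gateway on the server VLAN
SERVER = ip_address("10.0.0.50")              # SMTP pool member


@dataclass
class Outcome:
    source_seen_by_server: str
    reply_source_at_client: str
    connection_works: bool


def smtp_connect(automap: bool, server_default_gw) -> Outcome:
    """Trace one client connection to the VIP and the server's reply."""
    # Inbound: BIG-IP always rewrites destination VIP -> SERVER.
    # With SNAT automap it also rewrites the source to one of its self IPs.
    src = BIGIP_FLOATING_SELF if automap else CLIENT

    # Return: the server answers `src`. An on-link address is reached directly;
    # anything else is handed to the server's default gateway.
    next_hop = src if src in SERVER_VLAN else server_default_gw

    # Only BIG-IP holds the connection entry needed to undo the translation
    # (SERVER -> VIP). Any other path delivers the reply untranslated.
    reply_src = VIP if next_hop == BIGIP_FLOATING_SELF else SERVER

    # The client opened a connection to VIP:25, so a reply from any other
    # address matches no socket and the handshake never completes.
    return Outcome(str(src), str(reply_src), reply_src == VIP)


if __name__ == "__main__":
    cases = {
        "automap, gateway = switch": (True, SWITCH),
        "no SNAT, gateway = switch": (False, SWITCH),
        "no SNAT, gateway = BIG-IP floating self IP": (False, BIGIP_FLOATING_SELF),
    }
    for name, args in cases.items():
        print(f"{name}: {smtp_connect(*args)}")
```

Only the third case gives both a working connection and the real client address at the SMTP server, which is the configuration the reply recommends.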