Forum Discussion

Muhannad_64809
Jan 31, 2018

SMTP Relay Whitelist

Dears,

 

I need help with the following case. We have implemented F5 LTM in SNAT mode to load balance SMTP traffic for Exchange 2016 servers.

 

The Exchange server administrators are facing an issue with the SMTP relay white-list because the SMTP relay can't see the client IP addresses anymore; all SMTP traffic is coming from the BIG-IP address.

 

I have understood that we can change the network design by making the LTM the gateway of the Exchange servers, or we can add an iRule to filter the IP addresses, but I was seeking a workaround to rewrite the client's original address in the SMTP header or the connection (same as the HTTP x-forward) so the SMTP relay can do the white-list filtering.

 

Please let me know if there is any iRule or workaround that can do the trick.

 

Regards, Muhannad

 

2 Replies

  • I have seen similar questions in the past. You already have the 2 possible solutions: default gateway to F5, or filtering with iRules. The filtering could be done with AFM if you have that.

     

    I don't know all the SMTP headers, but my understanding is that any server reference there is by name and not IP. If you know a header that you can change to add the original IP, that can work.

     

    You just need to do a TCP collect and change the payload.

     

    https://devcentral.f5.com/wiki/irules.tcp__collect.ashx

     

    However, I would assume that the access list on the server side is checked when the connection is established. The payload content (SMTP data) is only looked at after the connection is established, so no effect in this case.
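
An added example, not part of the original thread or of either poster's configuration: a minimal iRule for the "filtering with iRules" option mentioned above, enforcing the relay allowlist on the BIG-IP itself, where the real client address is still visible. The data group name `smtp_relay_allow` and the sample addresses are assumptions.

```tcl
# Added example. Assumes an address-type data group named smtp_relay_allow
# (hypothetical name) that lists the hosts and subnets allowed to relay, e.g.
#   tmsh create ltm data-group internal smtp_relay_allow type ip \
#       records add { 192.0.2.10/32 { } 198.51.100.0/24 { } }
# The addresses above are constructed documentation ranges, not real clients.
# Attach the iRule to the SMTP virtual server.

when CLIENT_ACCEPTED {
    # CLIENT_ACCEPTED fires on the client-side connection, so
    # IP::client_addr is the original source, not the SNAT address
    # that the Exchange servers see.
    if { [class match [IP::client_addr] equals smtp_relay_allow] } {
        # Allowed client: let the connection be load balanced as usual.
        return
    }

    # Not on the allowlist: record the attempt, then reset the connection
    # before any SMTP dialogue reaches Exchange.
    log local0.notice "SMTP relay denied: [IP::client_addr] -> [IP::local_addr]:[TCP::local_port]"
    reject
}
```

With this approach the allowlist decision moves to the BIG-IP, so the relay on the Exchange side only ever sees, and has to permit, the SNAT address. The denied-connection log line gives the mail administrators the client visibility they lost behind SNAT.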