Forum Discussion

a_basharat_2591's avatar
a_basharat_2591
Icon for Nimbostratus rankNimbostratus
Apr 29, 2019

SMTP [port25] VS configuration

Hi, I need to configure an SMTP [port 25] Virtual Server. I am used to configure VSs on port 443, my question regarding the new VS for SMTP is what I need to configure on the 'Configuration' section of the VS:

- HTTP profile: none, http or what?
- SSL Profile (Client): a normal client SSL client profile based on 'clientssl' with a signed certificate?
- SSL Profile (server): a normal server SSL server profile based?

Anything else on this section of the VS: 'Configuration'

Obviously the pool will have nodes configured on port 25.

7 Replies

  • It might depend on how you want the SMTP traffic to work.

     

    In my case with an Exchange 2016 server, the "default" SMTP setup caused us to not see the originating client IPs, which is a big deal for us, and since it's not HTTP/S traffic, X-Forwarded-For is of no help. I did get it to work by changing the Type to 'Performance (Layer 4)', and creating a fastL4 Protocol Profile (Client), and setting it to 'Loose Close: Enabled'

     

    Source Address Translation: None

     

    Source Port: Preserve Strict

     

    Hope that helps?

     

    • a_basharat's avatar
      a_basharat
      Icon for Nimbostratus rankNimbostratus

      The client said to me "For Hybrid connections SMTP over TLS is used, certificates are used on both sides over port 25". An explanation is provided here -

       

      According to that which option mentioned on the deployment guide [out of the 6 explained, page 3] we should be implementing?

       

    • Per_Hagstrom's avatar
      Per_Hagstrom
      Icon for Nimbostratus rankNimbostratus

      I think in my example, the traffic is "tunneled" through the F5, and the SMTP/TLS settings are all set on the Exchange server itself. So I believe you could use my example fine, if you want to keep the client IPs intact. (which is the main purpose I set it up that way) I guess, give it a try and see if it works?

       

  • It might depend on how you want the SMTP traffic to work.

     

    In my case with an Exchange 2016 server, the "default" SMTP setup caused us to not see the originating client IPs, which is a big deal for us, and since it's not HTTP/S traffic, X-Forwarded-For is of no help. I did get it to work by changing the Type to 'Performance (Layer 4)', and creating a fastL4 Protocol Profile (Client), and setting it to 'Loose Close: Enabled'

     

    Source Address Translation: None

     

    Source Port: Preserve Strict

     

    Hope that helps?

     

    • a_basharat's avatar
      a_basharat
      Icon for Nimbostratus rankNimbostratus

      The client said to me "For Hybrid connections SMTP over TLS is used, certificates are used on both sides over port 25". An explanation is provided here -

       

      According to that which option mentioned on the deployment guide [out of the 6 explained, page 3] we should be implementing?

       

    • Per_Hagstrom_71's avatar
      Per_Hagstrom_71
      Icon for Nimbostratus rankNimbostratus

      I think in my example, the traffic is "tunneled" through the F5, and the SMTP/TLS settings are all set on the Exchange server itself. So I believe you could use my example fine, if you want to keep the client IPs intact. (which is the main purpose I set it up that way) I guess, give it a try and see if it works?

       

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus

    a.basharat,

     

    SMTP won't need a http profile and port 25 SMTP traffic is usually unencrypted so no need to SSL client or server profiles. May I refer you to this SMTP iapp as this should provide more help and guidance on how to configure a SMTP VS SMTP iApp Template

     

    Hope this helps,

     

    N