Forwarding Client IP in SMTP Header
Hey guys!
I had a weird request regarding forwarding client IP's. We have our junkmail server's which currently are terminated directly to our old Cisco ACE load-balancer, and use the ACE as their default-gateway. We set them up this way because the junkmail server's need to see the IP addresses of the clients that are connecting to them. Now that we are slowly moving our servers to the A-10 AX3030 we have, our supervisor wanted to know if it was possible to set up these junkmail servers in one-arm mode instead and have the client IP forwarded in a similar way like X-Forwarded-For. I am aware the X-Client-IP and X-Forwarded-For are for HTTP headers only, but is there a way you can deploy an aFlex script that would forward the client IP in a SMTP header?
Thank you!
Ehsan
I had a weird request regarding forwarding client IP's. We have our junkmail server's which currently are terminated directly to our old Cisco ACE load-balancer, and use the ACE as their default-gateway. We set them up this way because the junkmail server's need to see the IP addresses of the clients that are connecting to them. Now that we are slowly moving our servers to the A-10 AX3030 we have, our supervisor wanted to know if it was possible to set up these junkmail servers in one-arm mode instead and have the client IP forwarded in a similar way like X-Forwarded-For. I am aware the X-Client-IP and X-Forwarded-For are for HTTP headers only, but is there a way you can deploy an aFlex script that would forward the client IP in a SMTP header?
Thank you!
Ehsan
0
Comments
As your probably aware if you are not pointing the servers at the AX for their gateway you loose the client IP. I have not seen a script that would allow you to do that. Is there any reason you choose not to use the AX as the gateway for the servers.
Is the client IP required to do any form of verification on the SMTP server? Or is this for logging purposes only?
A belated thanks for the replies! Yeah I thought it was not possible to do this in one armed mode, but my supervisor wanted to look into it because he didn't want to create another context on the AX3030 just for the junkmail servers. In the end that's what we did, and had the junkmail servers point to the AX3030 as their DG, creating a new subnet and context and re-IP'ing the servers. It's all resolved, thanks!