SMTP Virtual Service...need to see clients IP

Hi. I have SMTP load balanced as part of an Exchange 2007 cluster. I am using one-arm mode for my AX devices, so am also using Source NAT on the service. Am also restricting access to the SMTP relay on the Exchange servers (not on AX's) by IP Address. Unfortunately when I send a message using SMTP the Exchange servers see the messages as coming from the virtual service source NAT IP, and not the actual client IP. Another post had a solution for this for HTTP, and there is an ISAPI filter for web services to allow the client IP to be seen. Is there something similar for SMTP (TCP/25)? If I allow the NAT IP address to use the Exchange SMTP relay, then the IP restrictions won't work anymore and any IP would be able to use the relay. Not good!
Thanks.

Comments

  • tmitsuhatatmitsuhata Member, Administrator, A10ers admin
    edited February 2014
    Hi Holyera,

    Did you try the "client-ip-insertion" option in TCP template and apply it to your SMTP VIP? This i s commonly used for FIX protocl. It does insert the client IP into TCP option field of type 0x1c, with a length of 6 bytes (hex format). Of course, you need to setup your Exchange server accordingly in order to look into this TCP option field for Client IP address checking (if possible).
    Hope it helps.

    === example ===
    slb template tcp ip_insert
    insert-client-ip
    slb virtual-server VIP-Exchange-SMTP 192.168.10.100
    port 25 tcp
    service-group SG-AS
    template tcp ip_insert
    ===================
Sign In or Register to comment.