Forum Discussion
NimbostratusHelp needed with SMTP iRule
Hello experts,
Need your advise on the understanding of the below iRule. We have this problem in our environment, whenever any internal clients send emails to internally our exchange admins wants to see the original client IP address, at the moment our F5 is rewriting original IP as its self IP.
I have done some googling and found this below iRule and i feel that this might help me fix the problem.
Just needed your guidance on this, weather this iRule is correct or needs any modification.
when CLIENT_ACCEPTED { set accepted_snat "1.1.1.1"
if { [ class exists smtp_relay_allowed ] } { if { [class match [IP::client_addr] equals smtp_relay_allowed] } { snat $accepted_snat } else { snat automap } } else { snat automap } }
list of self IP configured in the F5 = smtp_relay_allowed
what is 1.1.1.1 ? what is smtp_relay_allowed ? My goal is to whenever any internal users send emails internally F5 shouldn't modify the original source IP
thank you so much
1 Reply
Greg_LabelleAn iRule will not assist you in this context. As long as SNAT is involved your exchange administrator will only see connections from an IP address on the F5 device.
You have a few options here.
You can leave the F5 in place and setup remote logging via syslog to have the F5 record details of each connection to a database.
You can leave the F5 in place, setup a routing virtual server, and configure exchange to use the F5 as their gateway. You could then disable SNAT and exchange will see real connection IP Addresses.
You can stop using the F5 to load balance SMTP traffic to exchange, and leverage DNS round robin instead. (not a great option)
