Eric_Van_Tol_10
Nimbostratus
Apr 04, 2008
iRule for policy-based routing using SMTP header
I am trying to figure out a way to solve a minor problem we have with an Ironport device that we are testing in our lab.
The Ironport can perform as both an incoming mail security gateway and an SMTP gateway. The way we're doing this is by configuring two IPs on the Ironport - one for each type of service. I've defined two external IPs on the F5 and all is working fine with the passing of traffic to each IP. Each IP on the Ironport has a different SNAT address to which it is assigned. For clarity purposes, here's what we have:
E-VIP1 = External Mail Security IP
E-VIP2 = External Mail Relay IP
I-IP1 = Ironport Mail Security IP
I-IP2 = Ironport Mail Relay IP
The Ironport seems to only support one default gateway that both IPs can use, which is pretty normal. When traffic comes in on E-VIP1, the session works and mail is accepted. Same with E-VIP2. The problem I'm having is that when the relay mail leaves the Ironport, it does not leave sourced by the I-IP2, but rather I-IP1. Because of this, when the mail leaves the BIGIP, it uses the SNAT defined for I-IP1.
My proposed solution is to mark all mail received on E-VIP2 with an SMTP-specific header and look for that header in all mail being sent out the E-VIP1 SNAT. It's basically doing policy-based routing via an SMTP header rather than IP source. Can this be done with an iRule?
Thanks in advance!
- The_Bhattman
Nimbostratus
Click here to view a posting similar to what you are requesting.
- Eric_Van_Tol_10
Nimbostratus
Thanks both of you for your input. I haven't looked it over in real detail yet, but I *think* this is sort of what I'm looking for, as cmbhatt pointed out: