Forum Discussion
Wouter_de_Bruin
Nimbostratus
NimbostratusOrirginal source address after SNAT - SMTP
Hello all,
not sure if this question fits here; please correct me otherwise...
We are implementing bigips for smtp services. The current setup is one where the clients access the smtp servers "directly". What I mean is that client source addresses are visible on the mta and in the mta logs. This way we can see which client address originated any smtp message.
The bigips in our new architecture are not in the same segment as the mta's, so we need to use SNAT, because of connectivity between servers behind the bigips. Lets just say we cannot do without SNAT.
Only problem now is that the mta logs only show the self-ips of the bigips as origin for all smtp messages. No way to determine which client is responsible for the smtp messages anymore.
Is there a way (Like with the http x-forwarded-for header) to preserve the original source address of an smtp packet, so the mta logs start making sense again?
All help seriously appreciated.
Wouter de Bruin
Singh_74932Lets see what experts have to say but i guess it will go towards X - forwarding
https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html
Wouter_de_BruinDoesn't solve my problem unfortunately ;-)
X-forwarded-for is http and I'm talking smtp ........
hoolioCirrostratus
There aren't native SMTP iRule commands which would allow you to insert an SMTP header in requests. You would need to collect the TCP data, insert the new X- header in the payload and then replace the original payload with the new one. There is an SMTP proxy iRule in the Codeshare which may be a helpful reference. The TCP::payload wiki page (Click here) has some useful examples as well.
Aaron