Martin_Vlasko
Jul 28, 2015

Preserve original source IP with SNAT for SMTP

Hi guys,

Reading through various posts here on DevCentral, I have a feeling I will not be able to achieve what I want, but I'd rather ask again.

Our topology looks like: source -> firewall -> F5 LTM -> firewall -> router -> backend servers

I am trying to load balance SMTP, but the server guys need to see the original source IP in order to allow or deny sending emails.

The problem is that I need to work with SNAT because the backend servers are far from the LB, behind another firewall and router. Their default gateway must be the one of the router.

If I keep the original source IPs, I would face asymmetric routing and some firewall on the way back would kill the session.

We checked the backend SMTP server configuration and there is no other way to allow/deny sources there except by IP address.

So can I load balance SMTP traffic with SNAT while somehow being able (on the backend server) to tell what the original source IP was?

Thanks.

  • It is possible to write headers to the SMTP conversation; most every email filtering system does this. This can be done outside the "Data" piece.