Forum Discussion
NimbostratusSMTP [port25] VS configuration
Hi, I need to configure an SMTP [port 25] Virtual Server. I am used to configure VSs on port 443, my question regarding the new VS for SMTP is what I need to configure on the 'Configuration' section of the VS:
- HTTP profile: none, http or what?
- SSL Profile (Client): a normal client SSL client profile based on 'clientssl' with a signed certificate?
- SSL Profile (server): a normal server SSL server profile based?
Anything else on this section of the VS: 'Configuration'
Obviously the pool will have nodes configured on port 25.
7 Replies
Per_HagstromIt might depend on how you want the SMTP traffic to work.
In my case with an Exchange 2016 server, the "default" SMTP setup caused us to not see the originating client IPs, which is a big deal for us, and since it's not HTTP/S traffic, X-Forwarded-For is of no help. I did get it to work by changing the Type to 'Performance (Layer 4)', and creating a fastL4 Protocol Profile (Client), and setting it to 'Loose Close: Enabled'
Source Address Translation: None
Source Port: Preserve Strict
Hope that helps?
a_basharatThe client said to me "For Hybrid connections SMTP over TLS is used, certificates are used on both sides over port 25". An explanation is provided here -
According to that which option mentioned on the deployment guide [out of the 6 explained, page 3] we should be implementing?
- Per_Hagstrom
I think in my example, the traffic is "tunneled" through the F5, and the SMTP/TLS settings are all set on the Exchange server itself. So I believe you could use my example fine, if you want to keep the client IPs intact. (which is the main purpose I set it up that way) I guess, give it a try and see if it works?
Per_Hagstrom_71It might depend on how you want the SMTP traffic to work.
In my case with an Exchange 2016 server, the "default" SMTP setup caused us to not see the originating client IPs, which is a big deal for us, and since it's not HTTP/S traffic, X-Forwarded-For is of no help. I did get it to work by changing the Type to 'Performance (Layer 4)', and creating a fastL4 Protocol Profile (Client), and setting it to 'Loose Close: Enabled'
Source Address Translation: None
Source Port: Preserve Strict
Hope that helps?
- a_basharat
The client said to me "For Hybrid connections SMTP over TLS is used, certificates are used on both sides over port 25". An explanation is provided here -
According to that which option mentioned on the deployment guide [out of the 6 explained, page 3] we should be implementing?
- Per_Hagstrom_71
I think in my example, the traffic is "tunneled" through the F5, and the SMTP/TLS settings are all set on the Exchange server itself. So I believe you could use my example fine, if you want to keep the client IPs intact. (which is the main purpose I set it up that way) I guess, give it a try and see if it works?
natheCirrocumulus
a.basharat,
SMTP won't need a http profile and port 25 SMTP traffic is usually unencrypted so no need to SSL client or server profiles. May I refer you to this SMTP iapp as this should provide more help and guidance on how to configure a SMTP VS SMTP iApp Template
Hope this helps,
N
