Forum Discussion
MKuma
Nimbostratus
NimbostratusUnmask source ip address on smtp relay
Hi,
Could you help me unmask the source ip on the smtp servers.
This is current setup, clients smtp traffic hits the VIP on F5 listening on port 25, F5 does loadbalance and snat towards smtp servers. We are trying to figure the source ips on the smtp servers. How could we achieve this, help will be highly apreciated. Thanks
Hi MKuma ,
Without removing SNAT, as far as I know you are left two potential options.
- nPath aka Direct Server Return. This allows the server to see the real IP and respond directly to the client via its default gateway: https://support.f5.com/csp/article/K11116
or https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-local-traffic-manager-implementations/configuring-layer-3-npath-routing.html - or the PROXY protocol, which injects information via a header such as source ip, destination ip, port, and maybe more. F5 doesn't support the PROXY protocol natively, so you would need to use iRules: https://support.f5.com/csp/article/K40512493 Support will vary greatly among SMTP servers, unfortunately.
That said, removing the need for SNAT is the best way to get the true IP into the SMTP server, but of course it might mean you need to rearchitect how your mail servers connect to the F5.
Thanks,
Josh
MKumaThanks Josh!
- nPath aka Direct Server Return. This allows the server to see the real IP and respond directly to the client via its default gateway: https://support.f5.com/csp/article/K11116
