Wouter_de_Bruin
Jun 30, 2008

Original source address after SNAT - SMTP

Hello all,

Not sure if this question fits here; please correct me otherwise...

We are implementing BIG-IPs for SMTP services. The current setup is one where the clients access the SMTP servers "directly". What I mean is that client source addresses are visible on the MTA and in the MTA logs. This way we can see which client address originated any SMTP message.

The BIG-IPs in our new architecture are not in the same segment as the MTAs, so we need to use SNAT, because of connectivity between servers behind the BIG-IPs. Let's just say we cannot do without SNAT.

The only problem now is that the MTA logs only show the self IPs of the BIG-IPs as the origin for all SMTP messages. There is no way to determine which client is responsible for the SMTP messages anymore.

Is there a way (like with the HTTP X-Forwarded-For header) to preserve the original source address of an SMTP packet, so the MTA logs start making sense again?

All help seriously appreciated.

Wouter de Bruin

3 Replies

  • Let's see what the experts have to say, but I guess it will go towards X-forwarding.

    https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html
  • Doesn't solve my problem, unfortunately ;-)

    X-Forwarded-For is HTTP and I'm talking SMTP...
  • There aren't native SMTP iRule commands which would allow you to insert an SMTP header in requests. You would need to collect the TCP data, insert the new X- header in the payload and then replace the original payload with the new one. There is an SMTP proxy iRule in the Codeshare which may be a helpful reference. The TCP::payload wiki page has some useful examples as well.

    Aaron
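
The rewrite described in the last reply (collect the client payload, insert an X- header, forward the modified payload), modelled here in Python as an added example; it is not iRule code and not from the thread or from F5. The class and the header name `X-Original-Client-IP` are hypothetical, and plaintext SMTP without STARTTLS or BDAT is assumed. It inserts the header only after the MTA answers DATA with 354, and strips any client-supplied copy so the logged value always comes from the proxy.

```python
from collections import deque

class SmtpSourceTagger:
    """Client-side rewriter for one plaintext SMTP connection (assumed model)."""

    def __init__(self, client_ip, name=b"X-Original-Client-IP"):  # hypothetical name
        self.name = name.lower() + b":"
        self.tag = name + b": " + client_ip.encode() + b"\r\n"
        self.cbuf = self.sbuf = b""     # partial lines, client / server side
        self.pending = deque([False])   # replies owed; the banner comes first
        self.state = "cmd"              # cmd -> first -> headers -> body -> cmd
        self.dropping = False           # inside a client-supplied copy of the header

    def from_server(self, data):
        """Match replies to commands; only a 354 answer to DATA opens a message."""
        self.sbuf += data
        *lines, self.sbuf = self.sbuf.split(b"\n")
        for line in lines:
            final = line[3:4] != b"-"               # "250-..." continues a reply
            if final and self.pending and self.pending.popleft() and line.startswith(b"354"):
                self.state = "first"
        return data

    def from_client(self, data):
        """Return the bytes to forward to the MTA for this client chunk."""
        self.cbuf += data
        *lines, self.cbuf = self.cbuf.split(b"\n")
        return b"".join(self._line(l + b"\n") for l in lines)

    def _line(self, line):
        if self.state == "cmd":
            self.pending.append(line.strip().upper() == b"DATA")
            return line
        out = b""
        if self.state == "first":                   # first message line after 354
            out, self.state = self.tag, "headers"
        if line == b".\r\n":                        # end of message
            self.pending.append(False)              # the MTA answers the message
            self.state, self.dropping = "cmd", False
            return out + line
        if self.state == "headers":
            if line == b"\r\n":
                self.state = "body"
            else:
                if line[:1] not in b" \t":          # new header, not a folded line
                    self.dropping = line.lower().startswith(self.name)
                if self.dropping:
                    return out                      # strip the spoofed copy
        return out + line
```

Whether the MTA writes this header to its logs depends on the MTA's own configuration.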