Forum Discussion

Basavaraj_16797
Feb 24, 2016

Help needed with SMTP iRule

Hello experts,

 

Need your advice on understanding the iRule below. We have this problem in our environment: whenever any internal clients send emails internally, our Exchange admins want to see the original client IP address; at the moment our F5 is rewriting the original IP as its self IP.

 

I have done some googling and found the iRule below, and I feel that this might help me fix the problem.

 

Just needed your guidance on this, whether this iRule is correct or needs any modification.

 

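when CLIENT_ACCEPTED {
    # Fixed SNAT address used for clients listed in the data group
    set accepted_snat "1.1.1.1"

    # Only consult the data group if it is defined on this BIG-IP
    if { [class exists smtp_relay_allowed] } {
        if { [class match [IP::client_addr] equals smtp_relay_allowed] } {
            # Client is in smtp_relay_allowed: translate source to the fixed address
            snat $accepted_snat
        } else {
            # Any other client: translate source to a self IP (SNAT automap)
            snat automap
        }
    } else {
        snat automap
    }
}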

 

list of self IP configured in the F5 = smtp_relay_allowed

 

What is 1.1.1.1? What is smtp_relay_allowed? My goal is that whenever any internal users send emails internally, the F5 shouldn't modify the original source IP.

 

Thank you so much.

 

1 Reply

  • An iRule will not assist you in this context. As long as SNAT is involved, your Exchange administrator will only see connections from an IP address on the F5 device.

     

    You have a few options here.

     

    You can leave the F5 in place and set up remote logging via syslog to have the F5 record details of each connection to a database.

     

    You can leave the F5 in place, set up a routing virtual server, and configure Exchange to use the F5 as their gateway. You could then disable SNAT and Exchange will see real connection IP addresses.

     

    You can stop using the F5 to load balance SMTP traffic to Exchange, and leverage DNS round robin instead. (not a great option)
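
One way to implement the remote-logging option from the reply, as an added example that is not code from the thread or its participants: an iRule on the SMTP virtual server that sends one syslog line per connection, mapping the real client address to the SNAT address and port that Exchange sees. The pool name `smtp_audit_syslog` and the message tag `smtp_snat_map` are assumptions; the pool is assumed to contain a remote syslog server listening on UDP.

```tcl
# Added example. Assumes a pool named smtp_audit_syslog (hypothetical)
# whose member is a remote syslog receiver on UDP.
when CLIENT_ACCEPTED {
    # Handle for high-speed logging to the syslog pool
    set hsl [HSL::open -proto UDP -pool smtp_audit_syslog]

    # Record the real client address before any source translation
    set c_ip   [IP::client_addr]
    set c_port [TCP::client_port]
}

when SERVER_CONNECTED {
    # In the server-side context, local_addr/local_port are the source
    # address and port the BIG-IP uses toward Exchange (the SNAT address),
    # and server_addr/server_port are the selected pool member.
    set snat_ip   [IP::local_addr]
    set snat_port [TCP::local_port]
    set srv_ip    [IP::server_addr]
    set srv_port  [TCP::server_port]

    # <134> is syslog priority local0.info (facility 16 * 8 + severity 6)
    HSL::send $hsl "<134>smtp_snat_map client=${c_ip}:${c_port} snat=${snat_ip}:${snat_port} server=${srv_ip}:${srv_port}\n"
}
```

The Exchange receive log shows the `snat` address and port as the remote endpoint, so matching those two fields plus the time against this log yields the original client for any given SMTP session.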