dp_119903
Jul 21, 2016

SMTP VIP - Pass Client IP Address

I've seen quite a few posts on here regarding SMTP and passing the client IP address to the server. I am bringing it back up b/c most of the threads I read were fairly old and/or incomplete and I wanted to make sure I understood the options/benefits, etc.

 

I have a virtual that points to SMTP servers. The issue is we are using SNAT so the SMTP servers are seeing the IP address of the F5 which impacts their ability to whitelist/blacklist things. Ultimately they want to see the IP address of the client.

 

As I understand it I have 3 options.

 

  1. Disable SNAT and make the F5 the default gateway for the SMTP servers
  2. Set up a forwarding virtual server as the SMTP VIP (I suspect that this would limit our ability to do things with APM or ASM if we were to choose to at a later date)
  3. Somehow insert the client IP address into the TCP header (similar to what x-forwarded-for does for http requests).

The third option seems like the best one for me, however I haven't yet seen exactly how to do that. Does it require an iRule and if so is it really best practice to subject ALL of the inbound SMTP traffic to be inspected by an iRule?

 

Is there some method I've left off? If someone does know how to elaborate on the 3rd option, is it an iRule, and if so what sort of iRule are we talking about? What header field would I insert the client IP address in? I read something about the "comments" field, but I don't know what that is in reference to b/c I didn't know the TCP header had a comments field (I'll do a little deeper digging once I'm done with this question).

 

Thanks in advance!

 

1 Reply

  • this has come up a few times recently and i think 3 is pretty difficult. the TCP header has no real space for this, you could look at this example but that will require your email server to understand this trick and i doubt any do that.

     

    https://devcentral.f5.com/articles/accessing-tcp-options-from-irules

     

    the other possibility is an application header (the HTTP headers you mentioned are not TCP headers, they are application headers) but that is also not that straightforward. someone suggested the X-Originating-IP header and this might be possible but the SMTP protocol isn't as nicely accessible as the HTTP protocol so you will have to collect the email, make changes and pass it on. while not totally impossible it isn't easy and might break things.

     

    as long as there isn't a clearly defined field as with HTTP this won't be something done easily.
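
What the "collect the email, make changes and pass it on" step from the reply above involves, as an added example that is not part of the original thread and is plain Python rather than an iRule. The class and function names are hypothetical, the bracketed header value format and the sample session are assumptions constructed for illustration, and only the client-to-server direction is modelled (it assumes the server answers 354 to DATA).

```python
class SmtpHeaderInserter:
    """Client-to-server half of an SMTP proxy that adds one header per message."""

    def __init__(self, client_ip):
        self.header = b"X-Originating-IP: [" + client_ip.encode("ascii") + b"]\r\n"
        self.buf = b""          # partial line carried over between TCP segments
        self.in_data = False    # True between DATA and the terminating "." line
        self.pending = False    # True until the first message line has been seen
        self.opaque = False     # True once the stream can no longer be parsed

    def feed(self, chunk):
        """Accept client bytes in arbitrary segments; return bytes for the server."""
        if self.opaque:
            return chunk
        self.buf += chunk
        out = b""
        while b"\r\n" in self.buf and not self.opaque:
            line, self.buf = self.buf.split(b"\r\n", 1)
            out += self._line(line + b"\r\n")
        if self.opaque:         # flush whatever followed STARTTLS/BDAT untouched
            out, self.buf = out + self.buf, b""
        return out

    def _line(self, line):
        if self.in_data:
            prefix = self.header if self.pending else b""
            self.pending = False
            if line == b".\r\n":            # end of message, back to commands
                self.in_data = False
            return prefix + line
        verb = line.strip().upper()
        if verb == b"DATA":
            # Assumes the server will answer 354; the header is held back until
            # the client sends its first message line, i.e. after that reply.
            self.in_data = self.pending = True
        elif verb == b"STARTTLS" or verb.startswith(b"BDAT"):
            self.opaque = True              # encrypted or chunked: pass through
        return line


def rewrite(segments, client_ip):
    """Run constructed client segments through the inserter and join the output."""
    proxy = SmtpHeaderInserter(client_ip)
    return b"".join(proxy.feed(s) for s in segments)


# Constructed session, deliberately split mid-command across segments.
SESSION = [b"EHLO client.example\r\nMAIL FROM:<a@example.org>\r\nRCPT TO:<b@exam",
           b"ple.net>\r\nDA", b"TA\r\n", b"Subject: hi\r\n\r\nbody\r\n.\r\nQUIT\r\n"]
```

Once the client issues STARTTLS or BDAT the inserter can no longer see line boundaries and stops modifying the stream, so those messages reach the server without the header.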