SMTP Deployment

The LoadMaster can be used to load balance SMTP, SMTPS and SMTP-STARTLS.

Some of the common issues are described below.

SMTPS and SMTP-STARTLS

The LoadMaster can be used to SSL-offload SMTPS and SMTP-STARTLS to SMTP but it cannot re-encrypt SMTP-STARTLS.
If you want to load balance SMTP-STARTLS, the service type must be set to Generic or you must change the Real Server to accept SMTP.

SMTP-1.png
Figure 1: Straight through Virtual Service for SMTPS-STARTLS

SMTP-2.png
Figure 2: Virtual Service for SMTPS-STARTLS offloaded to SMTP

 

SMTP-6.png

Figure 3: Option for STARTTLS on Exchange server

 

Receive Connectors

From the Real Server's point of view, the LoadMaster must be allowed to connect to the receive connector.
SMTP-3.png

Figure 4: Receive connector on Exchange 2016

 

SMTP-4.png
Figure 5: Allowed IP addresses on receive connector - Exchange 2016

 

 

In this scenario, the address that must be added to the receive connector is dependent on the LoadMaster options.

SMTP-5.png
Figure 6: Virtual Service routing options


If you have Transparency enabled, this would be the IP address of the client.
If you have Subnet Originating Requests enabled, this would be the IP address of the individual active LoadMaster interface.

If you have Transparency and Subnet Originating Requests disabled, this would be the IP address of the Virtual Service.

If you want the Exchange server to allow or deny client access to the receive connector based on the IP address of the client, enable transparency on the LoadMaster.
For more details, refer to the Transparency Feature Description.


If you cannot use transparency, the alternative is to use Access Control Lists (ACLs) on the LoadMaster to allow or deny client access to the receive connector.
For more details, refer to this article: Creating an Access Control List (ACL).

Was this article helpful?

0 out of 0 found this helpful

Comments