SMTP transparency co existence with front end LB 2016 exchnage


Hey all,


I have 2 VLMs configured to load balance exchange front end traffic and POP and they are working fine. I would like to also configure SMTP load balancing but with the requirement that the original source IP is passed through so the exchange receive connectors can keep their existing configuration. Can anyone provide steps to do this - I keep reading about changing default gateways and the like but I do not want to do that.

I know I can configure the Load balancers with out transparency but this would allow anyone that can send smtp mail to the VIP to be authenticated with exchange.





1 comment

Tony Vaughan

Morning Drew,

just to recap some options regarding seeing the Source IP on the real server



the downside to these options is that it requires changes to the network

X-forward for header

this can only be used for HTTP or offloaded HTTPS services



this can be used to log the clients IP on the Loadmaster,but the real server will still see traffic from the Loadmaster not the Client


for you scenario,

if you are looking to lock-down who can and can't send mail.
you can set up transparency so the real server will allow or deny access based on the clients IP


you can set ACLs on the Loadmaster so the Loadmaster will allow or deny access based on the clients IP

more details on ACLs can be found here