SMTP transparency coexistence with front end LB 2016 Exchange


Hey all,

 

I have 2 VLMs configured to load balance Exchange front end traffic and POP and they are working fine. I would like to also configure SMTP load balancing, but with the requirement that the original source IP is passed through so the Exchange receive connectors can keep their existing configuration. Can anyone provide steps to do this? I keep reading about changing default gateways and the like, but I do not want to do that.

I know I can configure the load balancers without transparency, but this would allow anyone that can send SMTP mail to the VIP to be authenticated with Exchange.

 

Thanks,

Drew

 

1 comment

Tony Vaughan

Morning Drew,

Just to recap some options regarding seeing the source IP on the real server:

Transparency

https://support.kemptechnologies.com/hc/en-us/articles/203126369-Transparency

DSR

https://support.kemptechnologies.com/hc/en-us/articles/203861685-Configuring-DSR


The downside to these options is that they require changes to the network.


X-forward for header

https://support.kemptechnologies.com/hc/en-us/articles/202744899-X-Forwarding-For-and-IIS-logging-for-non-transparent-services

This can only be used for HTTP or offloaded HTTPS services.

 

ESP


This can be used to log the client's IP on the LoadMaster, but the real server will still see traffic from the LoadMaster, not the client.



 

For your scenario,

if you are looking to lock down who can and can't send mail,
you can set up transparency so the real server will allow or deny access based on the client's IP

or

you can set ACLs on the LoadMaster so the LoadMaster will allow or deny access based on the client's IP.



More details on ACLs can be found here:
https://support.kemptechnologies.com/hc/en-us/articles/202029385-Access-Control-Lists
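
A small model of the trade-off discussed in this thread, added here as an example and not part of the original posts: it shows which receive connector a client would match with and without transparency, and flags a relay connector whose scope includes the load balancer's own address. The connector names, CIDR ranges, addresses and the most-specific-range matching rule (ports and bindings are ignored) are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data: names, ranges and addresses are illustrative only.
CONNECTORS = [
    {"name": "Default Frontend", "ranges": ["0.0.0.0/0"], "relay": False},
    {"name": "App Relay", "ranges": ["10.20.30.0/24"], "relay": True},
]
LB_SOURCE = "10.20.30.5"  # assumed address the load balancer connects from


def match_connector(source_ip, connectors):
    """Pick the connector whose remote range most specifically contains source_ip."""
    ip = ipaddress.ip_address(source_ip)
    best_len, best = -1, None
    for conn in connectors:
        for cidr in conn["ranges"]:
            net = ipaddress.ip_network(cidr)
            if ip in net and net.prefixlen > best_len:
                best_len, best = net.prefixlen, conn
    return best


def seen_by_server(client_ip, transparent, lb_source=LB_SOURCE):
    """Source address the real server sees for a connection through the VIP."""
    return client_ip if transparent else lb_source


def relay_exposed_via_lb(connectors, lb_source=LB_SOURCE):
    """Relay connectors every VIP client would match when transparency is off."""
    hit = match_connector(lb_source, connectors)
    return [hit["name"]] if hit and hit["relay"] else []


if __name__ == "__main__":
    print("Relay connectors matched by the load balancer address:",
          relay_exposed_via_lb(CONNECTORS))
    for client in ("10.20.30.17", "203.0.113.50"):  # constructed clients
        for transparent in (True, False):
            src = seen_by_server(client, transparent)
            conn = match_connector(src, CONNECTORS)
            print(f"{client} transparent={transparent} -> server sees {src}, "
                  f"connector {conn['name']} (relay={conn['relay']})")
```

If the first line of output lists a connector, every client that can reach the VIP would match that connector once transparency is off, so access would have to be restricted on the load balancer instead.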