SMTP transparency co existence with front end LB 2016 exchnage

New post

drew

July 03, 2017 03:26

Hey all,

I have 2 VLMs configured to load balance exchange front end traffic and POP and they are working fine. I would like to also configure SMTP load balancing but with the requirement that the original source IP is passed through so the exchange receive connectors can keep their existing configuration. Can anyone provide steps to do this - I keep reading about changing default gateways and the like but I do not want to do that.

I know I can configure the Load balancers with out transparency but this would allow anyone that can send smtp mail to the VIP to be authenticated with exchange.

Thanks,

Drew

Date Votes

1 comment

Tony Vaughan July 03, 2017 07:47

Morning Drew,

just to recap some options regarding seeing the Source IP on the real server

Transparency

https://support.kemptechnologies.com/hc/en-us/articles/203126369-Transparency

DSR

https://support.kemptechnologies.com/hc/en-us/articles/203861685-Configuring-DSR

the downside to these options is that it requires changes to the network

X-forward for header

https://support.kemptechnologies.com/hc/en-us/articles/202744899-X-Forwarding-For-and-IIS-logging-for-non-transparent-services

this can only be used for HTTP or offloaded HTTPS services

ESP

this can be used to log the clients IP on the Loadmaster,but the real server will still see traffic from the Loadmaster not the Client

for you scenario,

if you are looking to lock-down who can and can't send mail.
you can set up transparency so the real server will allow or deny access based on the clients IP

you can set ACLs on the Loadmaster so the Loadmaster will allow or deny access based on the clients IP

more details on ACLs can be found here
https://support.kemptechnologies.com/hc/en-us/articles/202029385-Access-Control-Lists