1. Kemp Support
  2. Community
  3. MS Exchange

MS Exchange OWA and spamfilter SMTP

New post
0
kristian
Follow
Avatar

Hi

I have setup a LB to service two Exchange 2016 servers. Thus, I have virtual services on port 80 and 443 using the Kemp MS Exchange Template In addition, on port 25 between the LB and the Exchange servers I have two spamfilter-servers that analyze the SMTP traffic using the SMTP template for the virtual service.

However, the spamfilter servers cannot see the beyond the Kemp LB and think that the LB local IP (192.168.100.100) is the spam source. Is it possible to set the SMTP template so that the Kemp LB  is not acting as a proxy server and therefore, every email coming into the spamfilter appears to come from the LB and that the LB is not hiding the identity of the actual sender?

Best regards,

Kristian

Date Votes

3 comments

Avatar
0
thomas.lamontanaro

Hi Kristian,

Our organization is about to do a similar setup with the same version of exchange. Did you end up going transparency mode or was there something else you needed to do?

Avatar
0
Brian Morich

Hi Thomas,

Transparency is one way to preserve the client's source IP address, but this requires the gateway of the server to be that of the LoadMaster's interface address.

However, there is another way of preserving the client's source IP address without changing the gateway of the server, which is Direct Server Return (DSR).

When this is utilized the LoadMaster accepts all the incoming traffic, but the exit traffic bypasses the LoadMaster therefore the servers would be responding directly to the clients.

Here you can find more information on configuring DSR

https://support.kemptechnologies.com/hc/en-us/articles/203861685-Configuring-DSR

Avatar
0
thomas.lamontanaro

Thanks Brian. In our instance, we will have two spam appliances acting as HA. I think our goal is have the LB handle all incoming/outgoing for the spam appliance setup. My fear was having the LB pass on email to the spam appliance showing LB as the only 'source' IP. A lot of the spam appliance rule sets are IP reputation so I would see that single source as a problem.