Nat – Load balancing SMTP in a way that doesn’t hide the source IP address

load-balancing; nat; netscaler; smtp

I need to load balance SMTP to handle some applications that don't know how to use MX records.

I set up a Netscaler using the TCP option on port 25 and now Exchange sees the source IP as that of the DMZ of the Netscaler for every connection, not the client.


Obviously this causes RBLs, whitelists, and all other IP-based reputation checks to fail. It also makes it impossible to whitelist a trusted IP for anonymous relay.

Question

How should I configure the NetScaler (or Windows Load Balancing) so that I can allow load balancing yet still maintain visibility of the source IP?

Best Answer

I'm by no means an expert in load balancing but I think you'll want to enable Use Source IP Mode (USIP) on the NetScaler device. Detailed information and specifics are available here. Here's an excerpt:

Enable Use Source IP mode (USIP) mode if you want NetScaler to use the client's IP address for communication with the servers. By default, USIP mode is disabled. USIP mode can be enabled globally on the NetScaler or on a specific service. If you enable it globally, USIP is enabled by default for all subsequently created services. If you enable USIP for a specific service, the client's IP address is used only for the traffic directed to that service.
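As an added illustration of the service-level option the excerpt describes (this is not configuration from the answer, the asker, or Citrix documentation), the following NetScaler CLI fragment builds a TCP virtual server on port 25 whose back-end services have USIP enabled. The service names, the VIP 10.10.10.25 and the server addresses 10.10.20.11/12 are hypothetical; lines starting with `#` are annotations, not CLI input.

```text
# Optional: enable USIP globally so every service created afterwards defaults to -usip YES
enable ns mode USIP

# Back-end Exchange servers (hypothetical names and addresses), USIP set per service
add service svc_exch01_smtp 10.10.20.11 TCP 25 -usip YES
add service svc_exch02_smtp 10.10.20.12 TCP 25 -usip YES

# Plain TCP virtual server on port 25 (hypothetical VIP)
add lb vserver vs_smtp_inbound TCP 10.10.10.25 25
bind lb vserver vs_smtp_inbound svc_exch01_smtp
bind lb vserver vs_smtp_inbound svc_exch02_smtp

# Verify the flag on the service
show service svc_exch01_smtp
```

Two things to check before relying on this. First, with USIP the Exchange servers see the client's address and will send their replies to it directly, so the return path must go back through the NetScaler (default gateway on the Exchange servers set to the appliance's SNIP, or policy-based routing); otherwise the TCP handshake never completes. Second, once USIP is active, confirm the fix from the Exchange side: open a session to the VIP from a known host and check that the receive connector's protocol log records that host's address rather than the NetScaler SNIP, since that is the value the RBL, reputation and anonymous-relay whitelist checks will evaluate.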