SMTP Servers (BIG-IP v11.4, v12.x, v13: LTM, AFM)

This F5 deployment guide for SMTP implementations contains guidance on configuring the BIG-IP system version 11.4 and later for most SMTP server implementations, resulting in a secure, fast, and available deployment. This guide shows how to quickly and easily configure the BIG-IP LTM (Local Traffic Manager) and AFM (Advanced Firewall Manager) modules.

Specifically, this document shows how to configure the BIG-IP LTM to support the following common SMTP deployment scenarios. All scenarios also support the use of the Advanced Firewall Manager (AFM) module, and configuration guidance is included in the deployment guide.

  1. Standard unencrypted SMTP on the client and server side
  2. Client-side: SMTP encrypted with TLS/SSL; server-side: unencrypted SMTP (SSL Offload)
  3. Client-side: SMTP encrypted with TLS/SSL; server-side: SMTP encrypted with TLS/SSL (SSL Bridging)
  4. SMTP encrypted with TLS/SSL on both client and server sides (SSL Passthrough)
  5. Client-side: unencrypted SMTP; server-side: SMTP encrypted with TLS/SSL
  6. Client-side: SMTP with STARTTLS; server-side: unencrypted SMTP

The following logical configuration diagram shows the configuration for SSL offload for SMTP deployments.

Published June 14, 2018