SMTP from a fixed IP Address

SMTP from a fixed IP Address

We commonly need to allow legacy systems to send SMTP email, allowing them to select from arbitrary addresses in our domain. This might include network monitoring, blogs, wikis, websites, etc.
For spam prevention purposes, our SMTP servers also prohibit relaying, allowing the system-administrator to whitelist a set of IP’s.
In the public cloud, those IP’s can be inherently unknowable, variable, changing, broad.

IP audit transparency after NAT

IP audit transparency after NAT

A best practice is to audit connections. These audit records are consumed by SIEM systems.

In an orchestrated public cloud, we often have proxy servers hiding the origin IP. We also commonly have NAT performed by the cloud load-balancer.

Here we explain how you can obtain IP transparency through these systems, allowing your existing SIEM, fail-to-ban, geo-ip restriction, etc., systems to work without change, and without losing the elastic benefits these NAT and load balancers provide.