Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Willy Tarreau <w <at> 1wt.eu>
Subject: Postfix 2.10 introduces support for the PROXY protocol
Newsgroups: gmane.comp.web.haproxy
Date: Monday 18th June 2012 05:55:53 UTC (over 5 years ago)
Hi,

I think this is of interested to a number of people here who use postfix
as their mail gateways/servers.

Wietse has worked with us to see how to implement the proxy protocol in
postscreen and smtpd so that postfix can be transparently load-balanced
by haproxy (or any other product implementing the same protocol). This
is particularly interesting since postscreen is able to block incoming
connections based on their IP address.

If some users here want to give it a try, the code is readily available,
and all the relevant info is provided in Wietse's mail forwarded below.
If you want to report success (or failures), please post them to the
postfix-users list (you need to be subscribed otherwise your mail will
silently be dropped).

In order to test it, you need haproxy-1.5dev and you have to specify
the "send-proxy" directive on the "server" line going to the postfix
server. For instance :

       server smtp1 192.168.0.1:25 send-proxy

Warning, if you use "option smtpchk", it will not work anymore since the
server expects a PROXY line first, which the checks don't send for now,
so you need to disable the option.

Please note that this work probably makes postfix the first PROXY to
XCLIENT gateway :-)

Regards,
Willy

----- Forwarded message from Wietse Venema
 -----

> Date: Sun, 17 Jun 2012 20:25:12 -0400 (EDT)
> From: [email protected] (Wietse Venema)
> Subject: Re: Make smtpd/Postscreen compatible with load balancers
> To: Postfix users 
> 
> Non-production release postfix-2.10-20120617-nonprod has support
> for up-stream proxy agents in postscreen(8) and smtpd(8).
> 
> To enable, specify one of:
> 
>     postscreen_upstream_proxy_protocol = haproxy
>     smtpd_upstream_proxy_protocol = haproxy
> 
> haproxy is not the only proxy agent that works with Postfix. Support
> for nginx with proxied SASL authentication is available in Postfix
> 2.9 smtpd(8). This uses the XCLIENT protocol.
> 
> 	Wietse

----- End forwarded message -----
 
CD: 4ms