RE: Proxy protocol support

Thu, 30 Oct 2014 12:20:17 -0700

Right, but you need the haproxy to be transparent, or RBLs etc. won't work in amavis? and what happens to the mail after amavis is done to it? 

---
Tom Sommer

On 2014-10-30 20:16, Kent Oyer wrote:

The messages come into Postfix first and Postfix creates a Received
header with the IP address of the originating server. Then Postfix
sends the message to localhost:10024 which is normally an instance of
amavis but in my case it's an instance of haproxy which load balances
between multiple amavis servers.
       

-----Original Message-----
From: Tom Sommer [mailto:[email protected]]
Sent: Thursday, October 30, 2014 3:07 PM
To: Tom Johnson
Cc: Kent Oyer; [email protected]
Subject: Re: Proxy protocol support

So how do you make sure the postfix and amavis instances see the IP of
the mailserver and not of the haproxy server?

---
Tom Sommer

On 2014-10-30 19:59, Tom Johnson wrote:

We just run postfix and amavisd-new on all our servers, and those sit
behind haproxy.
On Oct 30, 2014, at 11:53 AM, Kent Oyer <[email protected]> wrote: 

Hi Tom,

I don't know if amavis supports the PROXY protocol but I kinda doubt
it. I've solved the problem by putting haproxy in between postfix and
amavis like this

--> Postfix (ingress) --> haproxy --> amavisd --> Postfix (egress)
--> -->

The ingress Postfix server does all the SPF and RBL checks. Then it
sends the messages to haproxy which divides the load between several
amavis servers to do the heavy lifting. You should add the IP address
of the haproxy server to the trusted_networks list in Spamassassin.
In my case, I'm running haproxy on the same machine as the ingress
Postfix server. So I have 2 Postfix/haproxy servers and 6 amavisd
servers followed by 2 Postfix egress servers. It been working great
so far.

Thanks
Kent

-----Original Message-----
From: Tom Sommer [mailto:[email protected]]
Sent: Monday, October 27, 2014 8:42 AM
To: [email protected]
Subject: Proxy protocol support

Hi

Does amavis support the PROXY protocol?
http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt

I want to create an amavis cluster with a load-balancer in front of
all the nodes, I was thinking haproxy.
I need the source IP in amavis to be the mailserver and not the load
balancer (to support forward_method=*), the PROXY protocol seem to
fix this?

Thanks

--
Tom Sommer

Reply via email to