To overcome this I placed an haproxy istance on every postfix node handling config by puppet instead of having a dedicated haproxy node.But this on a smaller environment 6 postfix 10 amavis.
On a larger environment like you are describing you would better try milter first. Milter sould also cut off returning traffic on port 10025. -------- Messaggio originale --------Da: Vitali Quiering <[email protected]> Data: 19/09/18 14:15 (GMT+01:00) A: [email protected] Oggetto: amavis behind haproxy Hello, I am planning to setup a clustered amavis setup with loadbalancing haproxy. There are approx. 80 standalone mailservers (postfix, dovecot) that will use the new amavis cluster. I thought about the setup like this: Postfix receives the mail and sends it (content-filter) to the haproxy on port 10024 which passes the tcp connection to one of the amavis servers on port 10024. After scanning amavis sends it back to postfix on port 10025. I already got the forward_method, socket_bind and inet_acl setup correctly. The problem I’m facing now is the ip that amavis sees and wants to send the result to. This is the haproxy ip address which of course doesn’t work. Is this possible at all? Do I need amavisd-milter? If yes, why? What’s different besides before or after queue? Thank you very much Regards, Vitali
