Hi Willy, I just tested it and it seems to work: Postfix logs, depending on the configuration:
No proxy protocol: Jun 28 06:14:46 sd-33932 postfix/smtpd[25335]: connect from localhost[127.0.0.1] Jun 28 06:15:07 sd-33932 postfix/smtpd[25335]: disconnect from localhost[127.0.0.1] With proxy protocol: Jun 28 06:17:16 sd-33932 postfix/smtpd[25486]: connect from xxx.domain.com[<public ip adress>] Jun 28 06:17:27 sd-33932 postfix/smtpd[25486]: disconnect from xxx.domain.com[<public ip adress>] I've not been further yet, but I know some people who will be very interested and able to go much further, hopefully they'll have some free time :) Cheers On Mon, Jun 18, 2012 at 7:55 AM, Willy Tarreau <[email protected]> wrote: > Hi, > > I think this is of interested to a number of people here who use postfix > as their mail gateways/servers. > > Wietse has worked with us to see how to implement the proxy protocol in > postscreen and smtpd so that postfix can be transparently load-balanced > by haproxy (or any other product implementing the same protocol). This > is particularly interesting since postscreen is able to block incoming > connections based on their IP address. > > If some users here want to give it a try, the code is readily available, > and all the relevant info is provided in Wietse's mail forwarded below. > If you want to report success (or failures), please post them to the > postfix-users list (you need to be subscribed otherwise your mail will > silently be dropped). > > In order to test it, you need haproxy-1.5dev and you have to specify > the "send-proxy" directive on the "server" line going to the postfix > server. For instance : > > server smtp1 192.168.0.1:25 send-proxy > > Warning, if you use "option smtpchk", it will not work anymore since the > server expects a PROXY line first, which the checks don't send for now, > so you need to disable the option. > > Please note that this work probably makes postfix the first PROXY to > XCLIENT gateway :-) > > Regards, > Willy > > ----- Forwarded message from Wietse Venema <[email protected]> ----- > >> Date: Sun, 17 Jun 2012 20:25:12 -0400 (EDT) >> From: [email protected] (Wietse Venema) >> Subject: Re: Make smtpd/Postscreen compatible with load balancers >> To: Postfix users <[email protected]> >> >> Non-production release postfix-2.10-20120617-nonprod has support >> for up-stream proxy agents in postscreen(8) and smtpd(8). >> >> To enable, specify one of: >> >> postscreen_upstream_proxy_protocol = haproxy >> smtpd_upstream_proxy_protocol = haproxy >> >> haproxy is not the only proxy agent that works with Postfix. Support >> for nginx with proxied SASL authentication is available in Postfix >> 2.9 smtpd(8). This uses the XCLIENT protocol. >> >> Wietse > > ----- End forwarded message ----- > >
