On 12 October 2013 19:11, Abhishek Sharma <[email protected]> wrote:
> Hi,
>
> I am evaluating HAProxy (after being recommended very highly by some of the
> tech gurus I know) for one of my requirements. I have a mail server which
> scales very well for multiple concurrent connections. The mail server uses
> encrypted channels *SMTPS/IMAPS/POPS*, basically ports 465/995/993 on SSL.
>
> My requirement is to put a filtering mechanism just before my mail server.
> What I need is to filter incoming mails for certain rules and accordingly
> either forward the mail to the server or drop it.
HAProxy doesn't talk SMTP, IMAP or POP3, so the criteria you'll be able to use to reject *connections* will pretty much be restricted to the remote IP address and other non-protocol-specific information. You might be able to enforce some TLS-/SSL-level restrictions, but I suspect this isn't what you have in mind.

Note that I said "connections", above. Because HAProxy won't look inside each opaque connection, you'll find multiple mails may be sent by the remote server on any one connection.

> Now the biggest challenge here
> being the SSL/encrypted data. So I used stunnel/stud and was able to
> evaluate the architecture. It worked, but the trouble is I couldn't get it
> to scale to high load. I want something that could handle 3000-4000
> concurrent mail connections at any given moment.
>
> How can I leverage HAProxy for this architecture?

I wouldn't, personally, for all sorts of reasons. Put something that speaks SMTP/etc as your first hop in the chain or, if you're still keen to shoehorn HAProxy in there, make sure you really *really* understand the nature of the spam and abuse you'll have to deal with because you opened up an SMTP port online.

Just my 2 cents. Other opinions are available ;-)

Jonathan
--
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
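To make concrete what the reply above says HAProxy *can* do in front of an SMTPS listener (reject on source address and other connection-level facts, never on the mail inside the TLS stream), here is an added configuration example. It is not from either poster and not from the HAProxy project; the listener port, backend address, block-list path and rate thresholds are assumptions chosen for illustration, and the `req.ssl_ver` / stick-table fetches assume HAProxy 1.5 or later.

```haproxy
# Added example, not part of the original thread.
# TCP-mode pass-through in front of an SMTPS (465) mail server.
# HAProxy never decrypts or parses SMTP here, so every rule below
# is about the *connection*, not the messages carried on it.

global
    maxconn 10000            # headroom above the 3000-4000 concurrent target

defaults
    mode tcp
    option tcplog
    timeout connect 5s
    timeout client  5m       # idle SMTP sessions can be long-lived
    timeout server  5m

frontend smtps_in
    bind *:465
    maxconn 8000

    # Per-source tracking: connection rate over 30s and current open count.
    stick-table type ip size 100k expire 30s store conn_rate(30s),conn_cur
    tcp-request connection track-sc0 src

    # 1. Static block list of source addresses/CIDRs (assumed path).
    tcp-request connection reject if { src -f /etc/haproxy/smtp-blocklist.lst }

    # 2. Crude abuse throttling: too many new or open connections per IP.
    tcp-request connection reject if { sc0_conn_rate gt 20 }
    tcp-request connection reject if { sc0_conn_cur  gt 10 }

    # 3. TLS-level restriction without terminating TLS: wait briefly for the
    #    ClientHello, then drop anything that is not TLS >= 1.0 (3.1).
    tcp-request inspect-delay 5s
    tcp-request content reject if !{ req.ssl_hello_type 1 }
    tcp-request content reject if { req.ssl_ver lt 3.1 }

    default_backend mail_servers

backend mail_servers
    # Assumed backend address; the TLS stream is relayed opaquely.
    server mail1 10.0.0.10:465 check
```

Everything this fragment filters on (source IP, per-IP connection rate, presence and version of a TLS ClientHello) is visible before any SMTP command is sent, which is exactly the point of the reply: once a connection is accepted it is relayed whole, and any number of messages can ride on it unseen. Content filtering still needs something that speaks SMTP as the first hop.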

