> With incoming mail, I can make use of HAProxy’s send-proxy feature to make > the source-IP known to the backend SMTP-servers. > (Works in the lab, I just need to move a few hundred customers off port 25 > for authenticated SMTP, as send-proxy is incompatible with authentication > (right?))
send-proxy just kicks in HAProxy's PROXY protocol which your backend servers need to be able to understand: http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt Authenticated vs unauthenticated vs encrypted SMTP shouldn't matter. As that's all sent after the initial PROXY line. If your backend MTA doesn't understand/expect the HAProxy PROXY protocol, it won't work period. I believe both Postfix and Exim support the HAProxy PROXY protocol. -J
