[pfx] Re: Postfix using proxy protocol outbound?

Thu, 21 Dec 2023 01:52:13 -0800 

Le 21/12/2023 à 10:03, Joachim Lindenberg via Postfix-users a écrit :

Emmanuel,
please read the thread 
https://www.mail-archive.com/postfix-users@postfix.org/msg100852.html  from the 
beginning. SOCKS5 was already considered as an alternative to proxy protocol.
If you want to bash nginx then please provide some substance. I am running 
multiple instances of web servers and proxies in and out to my satisfaction.
And it is my decision what level of security I want and also how to achieve 
that. There are reasons why I am not using gmail and also why I don´t want to 
run an external relay, mostly because I consider my emails private to the 
extend I can influence.

Hello,
Yes I closely following the list. I have read all the thread.
I don't bash nginx. I use nginx at very big scale all days a week for my work for what it is design to. Having worked for years for governmental organizations, I perfectly understand your security/privacy concern too. What I am saying is that your problem could be solved today at the network level or by using a relay. Each having pros and cons. What you want need some development in postfix and good design choice should be taken. 


What you need is a "TCP" proxy. What I am saying is that nginx is not a 
good candidate. Nginx is mainly a buffering HTTP proxy/reverse proxy 
and/or a HTTP TLS termination endpoint or raw N to 1 TCP proxy.
You don't want a relay because of privacy so you don't want TLS 
termination you want nginx acting as a pure raw tcp relay for outbound 
SMTP (1 to N) for which no standard/protocol exist (proxy CONNECT is 
clearly too coarse).
There is a standard for pure raw tcp relaying: SOCKS5. That why I think 
that IF something should be developed/implemented in postfix for 
outbound, SOCKS5 is one of the best candidate, better than HTTP proxy 
protocol.



I think that I have said all of what I could to help about this subject. 
Take it for what it is or not.


Regards,
Emmanuel.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


























					Reply via email to