We operate multiple Postfix instances behind HA-Proxies. The haproxy
upstream protocol is enabled:
(the IPs of the HA-proxies are in mynetworks)
There are brute-force attacks agains the SMTP servers (auth Backend is
OpenLDAP). We would like to block these clients and have found the
We experienced that these settings do not work behind HA-Proxies. Did we
missed a configuration settings? Did someone implement brute-force
restrictions behind HA-Proxies? If possible we would like to avoid
fail2ban or other tools on the HA-Proxies.
Your Feedback is highly appreciated!