I will try to check this. My initial Google searches do not show an easy way to determine if proxy protocol is enabled on ELB. I will keep looking.

From: Justas Umbrasas <jus...@umb.lt>
Sent: Thursday, June 10, 2021 12:39 AM
To: Apelin, Eulogio <eulogio.ape...@hawaiianair.com>; postfix-us...@cloud9.net
Subject: [NON-HA] Re: Need help with response to HELO, 502 5.5.2 Error

Hey,

this looks like proxy protocol is enabled on the ELB, however it is not enabled in Postfix. Check these options:

http://www.postfix.org/postconf.5.html#postscreen_upstream_proxy_protocol
http://www.postfix.org/postconf.5.html#smtpd_upstream_proxy_protocol

Setting smtpd_upstream_proxy_protocol=haproxy should probably be enough if you are not using postscreen.

On 2021-06-10 05:59, Apelin, Eulogio wrote:

I am testing my mail server setup. When telnetting to port 25, I receive this interaction when I type 'helo myserver.com':

220 *******************************************************************
helo myserver.com
502 5.5.2 Error: command not recognized

Connection to host lost.

1. The client I am telnetting from is in a subnet that is in mynetworks.

BUT

1. A different client that is in a different subnet in mynetworks connects to this same mail server and will get 220 <the server hostname> ESMTP Postfix (Red Hat). The helo and other commands will work.

This Postfix installation is on AWS. It is an EC2 Red Hat instance. An elastic load balancer is also configured.

The client that gets the 220 response with ********************** in the banner is connecting like this:

on prem client (internal private ip) -> site to site vpn to aws -> elastic load balancer (internal private ip) -> ec2 instance (internal private ip)

The client that works fine has this network flow:

EC2 server in same vpc (internal private ip) -> elb (internal private ip) -> ec2 instance (internal private ip)

My current thought is that the reason the banner is 220 ********************* is why the client cannot send email through this server.

Please help!
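
One way to check the open question in this thread, whether the load balancer is prepending a PROXY protocol header to connections (an added example, not part of the original messages): accept one connection on a spare port of the instance behind the ELB and parse the first bytes received. The function names, the spare-port approach and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY protocol v2 signature

def parse_proxy_header(data: bytes):
    """Describe the PROXY protocol header at the start of data; None if there is none."""
    if data.startswith(b"PROXY "):                       # v1: a single ASCII line
        end = data.find(b"\r\n")
        if end == -1 or end > 105:                       # spec caps the line at 107 bytes
            raise ValueError("unterminated or oversized v1 header")
        parts = data[:end].decode("ascii").split(" ")
        if parts[1] == "UNKNOWN":
            return {"version": 1, "proto": "UNKNOWN", "length": end + 2}
        if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
            raise ValueError("malformed v1 header")
        src, dst = (str(ipaddress.ip_address(p)) for p in parts[2:4])
        return {"version": 1, "proto": parts[1], "src": (src, int(parts[4])),
                "dst": (dst, int(parts[5])), "length": end + 2}
    if data.startswith(V2_SIG):                          # v2: binary header
        if len(data) < 16:
            raise ValueError("truncated v2 header")
        ver_cmd, fam, alen = struct.unpack("!BBH", data[12:16])
        if ver_cmd >> 4 != 2 or len(data) < 16 + alen:
            raise ValueError("bad version or truncated v2 address block")
        info = {"version": 2, "length": 16 + alen,
                "command": {0: "LOCAL", 1: "PROXY"}.get(ver_cmd & 0x0F, "INVALID")}
        for code, size, cls in ((0x11, 4, ipaddress.IPv4Address),   # TCP over IPv4
                                (0x21, 16, ipaddress.IPv6Address)):  # TCP over IPv6
            if fam == code and alen >= 2 * size + 4:
                a = data[16:16 + 2 * size + 4]
                sport, dport = struct.unpack("!HH", a[2 * size:])
                info["src"] = (str(cls(a[:size])), sport)
                info["dst"] = (str(cls(a[size:2 * size])), dport)
        return info
    return None                                          # ordinary client data, no header

def capture_first_bytes(port: int, timeout: float = 30.0) -> bytes:
    """Accept one connection on a spare port and return whatever the peer sends first."""
    with socket.create_server(("", port)) as srv:
        srv.settimeout(timeout)
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(5.0)
            try:
                return conn.recv(256)
            except socket.timeout:
                return b""   # an SMTP client waits for the greeting and sends nothing first

SAMPLE_V1 = b"PROXY TCP4 10.1.2.3 10.9.8.7 51544 25\r\nhelo myserver.com\r\n"  # constructed sample
```

Calling `parse_proxy_header(capture_first_bytes(port))` with the balancer temporarily forwarding to that port returns the parsed header if one was prepended, and `None` otherwise.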