Hello everyone,

I would like to run postfix in a docker container, and receive emails
through HAProxy with SSL termination. So the setup I would like to
achieve is:

Web -> My Server -> HAProxy (SSL/TLS decryption) -> Into my server (as
localhost with zero encryption) -> docker container with postfix
handling the email (also dovecot, but that's irrelevant here)

Is that even possible? Please excuse my ignorance, because I usually run
setups by researching online and I'm not an expert, and the one I
currently have working is on bare metal and works just fine, but it's
causing me issues with migration and downtime, while I'm hoping docker's
statelessness can help with that.

But why TLS termination at HAProxy specifically? Because the plan is to
only keep HAProxy with root access on bare metal (and access to
certificates as root), while it wires all connections to internal ports.
This has worked so far on everything except for postfix (and dovecot) due to
setup complexity and the inability to see any logs from postfix (postfix
does log things like invalid configuration when started with start-fg,
but nothing else).

Currently, after disabling all TLS stuff in the main.cf file (all smtpd tls
configs, including smtpd_tls_security_level, smtpd_tls_auth_only and
smtpd_use_tls), I can only telnet to port 587 (25 and 465 are
non-responsive), and I'm still required to provide the STARTTLS command when
testing.

Is there a way to achieve the SSL/TLS termination I'm hoping to do? How
can I get postfix to forget about TLS and just work without any of it?

Best regards,
Sam