[pfx] Re: forward IP source from a postfix relay to a postfix server
Hi, very thanks. it is functionnal. Regards, On 01/11/2023 01:21, Wietse Venema via Postfix-users wrote: testeur via Postfix-users: Hi, Thx wietse for your help. I can understand now more precisely where to act. In the External_Postfix_relay, i use too amavis, spamassassin, policy-spf. Then i ve to indicate the "smtp_send_xforward_command=yes" option in the master.cf . But i don't know in which command precisely do i have to write in ? In the External_Postfix_relay SMTP client definition in master.cf, add smtp_send_xforward_command=yes for example /etc/postfix/master.cf: relay unix - - - - - smtp -o { smtp_send_xforward_command=yes } This assumes that you are using the "relay" transport to forward mail to the internal Postfix server. This SMTP client should be different from the 'default' SMTP client for outbound mail to the Internet. In the main.cf file of the internal Postfix server: /etc/postfix/main.cf: smtpd_authorized_xforward_hosts = 192.168.1.2 with the IP address of the External_Postfix_relay SMTP client. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: forward IP source from a postfix relay to a postfix server
testeur via Postfix-users: > Hi, > > Thx wietse for your help. > > I can understand now more precisely where to act. > > In the External_Postfix_relay, i use too amavis, spamassassin, > policy-spf. Then i ve to indicate the "smtp_send_xforward_command=yes" > option in the master.cf . But i don't know in which command precisely do > i have to write in ? In the External_Postfix_relay SMTP client definition in master.cf, add smtp_send_xforward_command=yes for example /etc/postfix/master.cf: relay unix - - - - - smtp -o { smtp_send_xforward_command=yes } This assumes that you are using the "relay" transport to forward mail to the internal Postfix server. This SMTP client should be different from the 'default' SMTP client for outbound mail to the Internet. In the main.cf file of the internal Postfix server: /etc/postfix/main.cf: smtpd_authorized_xforward_hosts = 192.168.1.2 with the IP address of the External_Postfix_relay SMTP client. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: forward IP source from a postfix relay to a postfix server
Hi, Thx wietse for your help. I can understand now more precisely where to act. In the External_Postfix_relay, i use too amavis, spamassassin, policy-spf. Then i ve to indicate the "smtp_send_xforward_command=yes" option in the master.cf . But i don't know in which command precisely do i have to write in ? I ve these commands (beetween others) available : * smtp/inet/command = smtpd -o smtpd_tls_security_level=none -o content_filter=spamassassin * spamassassin/unix/command = pipe user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} * relay/unix/command = smtp -o smtp_fallback_relay= * smtp-amavis/unix/command = smtp -o syslog_name=postfix/amavis -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes -o max_use=20 -o smtp_tls_security_level=none * 127.0.0.1:10025/inet/command = smtpd -o syslog_name=postfix/10025 -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8,0.0.0.0/0 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks * policy-spf/unix/command = spawn user=nobody argv=/usr/bin/policyd-spf I ve the same question about the "smtpd_authorized_xforward_hosts" option in the Internal_Postfix_server. Maybe the smtp would be the good option !? Regards, PG On 11/10/2023 23:16, Wietse Venema via Postfix-users wrote: testeur via Postfix-users: Hi, Well. i read it : https://postfix.traduc.org/index.php/XFORWARD_README.html But i don't know how to implement that in postfix (master.cf ?) ?! the link explain the "protocol"... there's no howto to do it... if someone know an howto somewhere ? You could try; postconf | grep xforward And then look at the parameters: To send XFORWARD: https://www.postfix.org/postconf.5.html#smtp_send_xforward_command To receive XFORWARD: https://www.postfix.org/postconf.5.html#smtpd_authorized_xforward_hosts Wietse Regards, PG On 11/10/2023 00:20, Wietse Venema via Postfix-users wrote: testeur via Postfix-users: Hi, I don't understand how the External_Postfix_relay server could send XCLIENT commands to the final postfix server ? is there some modifications to do in the master.cf file ? You asked how to impersonate a client or server TCP endpoint. Postfix supports receiving TCP endpoint impersonation commands using two protocols: XCLIENT (used by nginx) and the HaProxy protocol. The primary use cases are load balancers and policy testing. There is no code in Postfix to send XCLIENT or HaProxy commands for the simple reason that no-one has needed it. Postfix does support sending XFORWARD commands with remote SMTP client information for the purpose of logging, not impersonantion. It is typically used with SMTP-based content filters. Wietse Regards, On 08/10/2023 22:19, Wietse Venema via Postfix-users wrote: testeur via Postfix-users: Hi, I try to find a solution to forward the IP source from the postfix relay to the final postfix server (internal). Mail_Message sent to -> External_Postfix_relay (ip source from client ok) -> Internal_Postfix_server (ip source from external postfix relay, not the one from client's mail_message) How can i do that ? If you want to propagate the remote SMTP client IP address or the External_Postfix_relay server IP address, the External_Postfix_relay server could send XCLIENT commands to the final postfix server (internal). See https://www.postfix.org/XCLIENT_README.html Or you could use Postfix's HaProxy protocol support in the final postfix server (internal) to get a similar result. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___
[pfx] Re: forward IP source from a postfix relay to a postfix server
testeur via Postfix-users: > Hi, > > Well. > i read it : > https://postfix.traduc.org/index.php/XFORWARD_README.html > But i don't know how to implement that in postfix (master.cf ?) ?! the > link explain the "protocol"... > there's no howto to do it... > > if someone know an howto somewhere ? You could try; postconf | grep xforward And then look at the parameters: To send XFORWARD: https://www.postfix.org/postconf.5.html#smtp_send_xforward_command To receive XFORWARD: https://www.postfix.org/postconf.5.html#smtpd_authorized_xforward_hosts Wietse > Regards, > > PG > > On 11/10/2023 00:20, Wietse Venema via Postfix-users wrote: > > testeur via Postfix-users: > >> Hi, > >> > >> I don't understand how the External_Postfix_relay server could send > >> XCLIENT commands to the final postfix server ? > >> is there some modifications to do in the master.cf file ? > > You asked how to impersonate a client or server TCP endpoint. Postfix > > supports receiving TCP endpoint impersonation commands using two > > protocols: XCLIENT (used by nginx) and the HaProxy protocol. The > > primary use cases are load balancers and policy testing. > > > > There is no code in Postfix to send XCLIENT or HaProxy commands > > for the simple reason that no-one has needed it. > > > > Postfix does support sending XFORWARD commands with remote SMTP > > client information for the purpose of logging, not impersonantion. > > It is typically used with SMTP-based content filters. > > > > Wietse > > > >> Regards, > >> > >> On 08/10/2023 22:19, Wietse Venema via Postfix-users wrote: > >>> testeur via Postfix-users: > Hi, > > I try to find a solution to forward the IP source from the postfix relay > to the final postfix server (internal). > > Mail_Message sent to -> External_Postfix_relay (ip source from client > ok) -> Internal_Postfix_server (ip source from external postfix relay, > not the one from client's mail_message) > > How can i do that ? > >>> If you want to propagate the remote SMTP client IP address or the > >>> External_Postfix_relay server IP address, the External_Postfix_relay > >>> server could send XCLIENT commands to the final postfix server > >>> (internal). See https://www.postfix.org/XCLIENT_README.html > >>> > >>> Or you could use Postfix's HaProxy protocol support in the final > >>> postfix server (internal) to get a similar result. > >>> > >>> Wietse > >>> ___ > >>> Postfix-users mailing list -- postfix-users@postfix.org > >>> To unsubscribe send an email to postfix-users-le...@postfix.org > >> ___ > >> Postfix-users mailing list -- postfix-users@postfix.org > >> To unsubscribe send an email to postfix-users-le...@postfix.org > >> > > ___ > > Postfix-users mailing list -- postfix-users@postfix.org > > To unsubscribe send an email to postfix-users-le...@postfix.org > ___ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org > ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: forward IP source from a postfix relay to a postfix server
Hi, Well. i read it : https://postfix.traduc.org/index.php/XFORWARD_README.html But i don't know how to implement that in postfix (master.cf ?) ?! the link explain the "protocol"... there's no howto to do it... if someone know an howto somewhere ? Regards, PG On 11/10/2023 00:20, Wietse Venema via Postfix-users wrote: testeur via Postfix-users: Hi, I don't understand how the External_Postfix_relay server could send XCLIENT commands to the final postfix server ? is there some modifications to do in the master.cf file ? You asked how to impersonate a client or server TCP endpoint. Postfix supports receiving TCP endpoint impersonation commands using two protocols: XCLIENT (used by nginx) and the HaProxy protocol. The primary use cases are load balancers and policy testing. There is no code in Postfix to send XCLIENT or HaProxy commands for the simple reason that no-one has needed it. Postfix does support sending XFORWARD commands with remote SMTP client information for the purpose of logging, not impersonantion. It is typically used with SMTP-based content filters. Wietse Regards, On 08/10/2023 22:19, Wietse Venema via Postfix-users wrote: testeur via Postfix-users: Hi, I try to find a solution to forward the IP source from the postfix relay to the final postfix server (internal). Mail_Message sent to -> External_Postfix_relay (ip source from client ok) -> Internal_Postfix_server (ip source from external postfix relay, not the one from client's mail_message) How can i do that ? If you want to propagate the remote SMTP client IP address or the External_Postfix_relay server IP address, the External_Postfix_relay server could send XCLIENT commands to the final postfix server (internal). See https://www.postfix.org/XCLIENT_README.html Or you could use Postfix's HaProxy protocol support in the final postfix server (internal) to get a similar result. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: forward IP source from a postfix relay to a postfix server
testeur via Postfix-users: > Hi, > > I don't understand how the External_Postfix_relay server could send > XCLIENT commands to the final postfix server ? > is there some modifications to do in the master.cf file ? You asked how to impersonate a client or server TCP endpoint. Postfix supports receiving TCP endpoint impersonation commands using two protocols: XCLIENT (used by nginx) and the HaProxy protocol. The primary use cases are load balancers and policy testing. There is no code in Postfix to send XCLIENT or HaProxy commands for the simple reason that no-one has needed it. Postfix does support sending XFORWARD commands with remote SMTP client information for the purpose of logging, not impersonantion. It is typically used with SMTP-based content filters. Wietse > Regards, > > On 08/10/2023 22:19, Wietse Venema via Postfix-users wrote: > > testeur via Postfix-users: > >> Hi, > >> > >> I try to find a solution to forward the IP source from the postfix relay > >> to the final postfix server (internal). > >> > >> Mail_Message sent to -> External_Postfix_relay (ip source from client > >> ok) -> Internal_Postfix_server (ip source from external postfix relay, > >> not the one from client's mail_message) > >> > >> How can i do that ? > > If you want to propagate the remote SMTP client IP address or the > > External_Postfix_relay server IP address, the External_Postfix_relay > > server could send XCLIENT commands to the final postfix server > > (internal). See https://www.postfix.org/XCLIENT_README.html > > > > Or you could use Postfix's HaProxy protocol support in the final > > postfix server (internal) to get a similar result. > > > > Wietse > > ___ > > Postfix-users mailing list -- postfix-users@postfix.org > > To unsubscribe send an email to postfix-users-le...@postfix.org > ___ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org > ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: forward IP source from a postfix relay to a postfix server
Hi, I don't understand how the External_Postfix_relay server could send XCLIENT commands to the final postfix server ? is there some modifications to do in the master.cf file ? Regards, On 08/10/2023 22:19, Wietse Venema via Postfix-users wrote: testeur via Postfix-users: Hi, I try to find a solution to forward the IP source from the postfix relay to the final postfix server (internal). Mail_Message sent to -> External_Postfix_relay (ip source from client ok) -> Internal_Postfix_server (ip source from external postfix relay, not the one from client's mail_message) How can i do that ? If you want to propagate the remote SMTP client IP address or the External_Postfix_relay server IP address, the External_Postfix_relay server could send XCLIENT commands to the final postfix server (internal). See https://www.postfix.org/XCLIENT_README.html Or you could use Postfix's HaProxy protocol support in the final postfix server (internal) to get a similar result. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: forward IP source from a postfix relay to a postfix server
testeur via Postfix-users: > Hi, > > I try to find a solution to forward the IP source from the postfix relay > to the final postfix server (internal). > > Mail_Message sent to -> External_Postfix_relay (ip source from client > ok) -> Internal_Postfix_server (ip source from external postfix relay, > not the one from client's mail_message) > > How can i do that ? If you want to propagate the remote SMTP client IP address or the External_Postfix_relay server IP address, the External_Postfix_relay server could send XCLIENT commands to the final postfix server (internal). See https://www.postfix.org/XCLIENT_README.html Or you could use Postfix's HaProxy protocol support in the final postfix server (internal) to get a similar result. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org