Re: postscreen_whitelist_interfaces behind proxy
Dave: > Hi, > > I'm running multiple Postfix MX servers behind HAProxy load balancer. I was > just configuring "MX Policy test" in postscreen and I couldn't get it work. > Then I tried to use the external IP (the one on the proxy) instead of the > one Postfix listens on. I suggest it could be mentioned in docs for anyone > else who would have similar setup (or am I missing something?) When email arrives through a proxy, the local server's IP address is irrelevant. I thought that should be obvious. > Also, it would be convenient to be able to set a port in > postscreen_whitelist_interfaces - so e.g. port 25 for primary MX and port > 2525 for "fake" backup MX with postscreen whitelisting disabled. Something > like: > > postscreen_whitelist_interfaces = !:2525 static:all That would have to be a new feauture, because all things on the right-hand side of the '=' would be matched against the form host:port (instead of 'host' as it is now). I can't break all the existing configurations. Wietse > I realize it doesn't have much use without proxy and it is not usual setup.. > But in my case, it would save me from configuring several IPs on several > machines. So, just a suggestion. > > Thanks, > > Dave > > > > > -- > View this message in context: > http://postfix.1071664.n5.nabble.com/postscreen-whitelist-interfaces-behind-proxy-tp86701.html > Sent from the Postfix Users mailing list archive at Nabble.com. >
Re: postscreen_whitelist_interfaces behind proxy
Hi, On 10/14/2016 02:30 PM, Dave wrote: I'm running multiple Postfix MX servers behind HAProxy load balancer. I was just configuring "MX Policy test" in postscreen and I couldn't get it work. please clarify whether you are using the haproxy PROXY protocol (See: http://permalink.gmane.org/gmane.comp.web.haproxy/8881 / http://www.postfix.org/postconf.5.html#postscreen_upstream_proxy_protocol)? Because in that case it would definitely be expected for postfix to be using the connection information from the frontend. Mit freundlichen Gruessen, Lukas Erlacher -- Rechnerbetriebsgruppe der Fakultäten Mathematik und Informatik Raum 00.05.042 Tel. 089-289-18258 erlac...@in.tum.de Technische Universität München - Boltzmannstr. 3 - 85748 Garching smime.p7s Description: S/MIME Cryptographic Signature
postscreen_whitelist_interfaces behind proxy
Hi, I'm running multiple Postfix MX servers behind HAProxy load balancer. I was just configuring "MX Policy test" in postscreen and I couldn't get it work. Then I tried to use the external IP (the one on the proxy) instead of the one Postfix listens on. I suggest it could be mentioned in docs for anyone else who would have similar setup (or am I missing something?) Also, it would be convenient to be able to set a port in postscreen_whitelist_interfaces - so e.g. port 25 for primary MX and port 2525 for "fake" backup MX with postscreen whitelisting disabled. Something like: postscreen_whitelist_interfaces = !:2525 static:all I realize it doesn't have much use without proxy and it is not usual setup.. But in my case, it would save me from configuring several IPs on several machines. So, just a suggestion. Thanks, Dave -- View this message in context: http://postfix.1071664.n5.nabble.com/postscreen-whitelist-interfaces-behind-proxy-tp86701.html Sent from the Postfix Users mailing list archive at Nabble.com.
