Proxy protocol support
kent at micro-source.net
Thu Oct 30 20:16:29 CET 2014
The messages come into Postfix first and Postfix creates a Received header with the IP address of the originating server. Then Postfix sends the message to localhost:10024 which is normally an instance of amavis but in my case it's an instance of haproxy which load balances between multiple amavis servers.
From: Tom Sommer [mailto:mail at tomsommer.dk]
Sent: Thursday, October 30, 2014 3:07 PM
To: Tom Johnson
Cc: Kent Oyer; amavis-users at amavis.org
Subject: Re: Proxy protocol support
So how do you make sure the postfix and amavis instances see the IP of the mailserver and not of the haproxy server?
On 2014-10-30 19:59, Tom Johnson wrote:
> We just run postfix and amavisd-new on all our servers, and those sit
> behind haproxy.
>> On Oct 30, 2014, at 11:53 AM, Kent Oyer <kent at micro-source.net> wrote:
>> Hi Tom,
>> I don't know if amavis supports the PROXY protocol but I kinda doubt
>> it. I've solved the problem by putting haproxy in between postfix and
>> amavis like this
>> --> Postfix (ingress) --> haproxy --> amavisd --> Postfix (egress)
>> --> -->
>> The ingress Postfix server does all the SPF and RBL checks. Then it
>> sends the messages to haproxy which divides the load between several
>> amavis servers to do the heavy lifting. You should add the IP address
>> of the haproxy server to the trusted_networks list in Spamassassin.
>> In my case, I'm running haproxy on the same machine as the ingress
>> Postfix server. So I have 2 Postfix/haproxy servers and 6 amavisd
>> servers followed by 2 Postfix egress servers. It been working great
>> so far.
>> -----Original Message-----
>> From: Tom Sommer [mailto:mail at tomsommer.dk]
>> Sent: Monday, October 27, 2014 8:42 AM
>> To: amavis-users at amavis.org
>> Subject: Proxy protocol support
>> Does amavis support the PROXY protocol?
>> I want to create an amavis cluster with a load-balancer in front of
>> all the nodes, I was thinking haproxy.
>> I need the source IP in amavis to be the mailserver and not the load
>> balancer (to support forward_method=*), the PROXY protocol seem to
>> fix this?
>> Tom Sommer
More information about the amavis-users