Proxy protocol support

Kent Oyer kent at micro-source.net
Thu Oct 30 20:16:29 CET 2014 

The messages come into Postfix first and Postfix creates a Received header with the IP address of the originating server. Then Postfix sends the message to localhost:10024 which is normally an instance of amavis but in my case it's an instance of haproxy which load balances between multiple amavis servers.
       

-----Original Message-----
From: Tom Sommer [mailto:mail at tomsommer.dk] 
Sent: Thursday, October 30, 2014 3:07 PM
To: Tom Johnson
Cc: Kent Oyer; amavis-users at amavis.org
Subject: Re: Proxy protocol support

So how do you make sure the postfix and amavis instances see the IP of the mailserver and not of the haproxy server?

---
Tom Sommer

On 2014-10-30 19:59, Tom Johnson wrote:
> We just run postfix and amavisd-new on all our servers, and those sit 
> behind haproxy.
> 
> 
> 
>> On Oct 30, 2014, at 11:53 AM, Kent Oyer <kent at micro-source.net> wrote:
>> 
>> Hi Tom,
>> 
>> I don't know if amavis supports the PROXY protocol but I kinda doubt 
>> it. I've solved the problem by putting haproxy in between postfix and 
>> amavis like this
>> 
>> --> Postfix (ingress) --> haproxy --> amavisd --> Postfix (egress) 
>> --> -->
>> 
>> The ingress Postfix server does all the SPF and RBL checks. Then it 
>> sends the messages to haproxy which divides the load between several 
>> amavis servers to do the heavy lifting. You should add the IP address 
>> of the haproxy server to the trusted_networks list in Spamassassin. 
>> In my case, I'm running haproxy on the same machine as the ingress 
>> Postfix server. So I have 2 Postfix/haproxy servers and 6 amavisd 
>> servers followed by 2 Postfix egress servers. It been working great 
>> so far.
>> 
>> Thanks
>> Kent
>> 
>> -----Original Message-----
>> From: Tom Sommer [mailto:mail at tomsommer.dk]
>> Sent: Monday, October 27, 2014 8:42 AM
>> To: amavis-users at amavis.org
>> Subject: Proxy protocol support
>> 
>> Hi
>> 
>> Does amavis support the PROXY protocol?
>> http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
>> 
>> I want to create an amavis cluster with a load-balancer in front of 
>> all the nodes, I was thinking haproxy.
>> I need the source IP in amavis to be the mailserver and not the load 
>> balancer (to support forward_method=*), the PROXY protocol seem to 
>> fix this?
>> 
>> Thanks
>> 
>> --
>> Tom Sommer
>> 
>>

More information about the amavis-users mailing list