Proxy protocol support

Kent Oyer kent at micro-source.net
Thu Oct 30 20:22:14 CET 2014 

Amavis will still see the IP of the Postfix server but that's ok because you've added it to the trusted_networks list so it will look at the previous Received header to do the RBL checks. But I do my RBL checks in Postfix anyway so it doesn't matter.

      

-----Original Message-----
From: Tom Sommer [mailto:mail at tomsommer.dk] 
Sent: Thursday, October 30, 2014 3:19 PM
To: Kent Oyer
Cc: Tom Johnson; amavis-users at amavis.org
Subject: RE: Proxy protocol support

Right, but you need the haproxy to be transparent, or RBLs etc. won't work in amavis? and what happens to the mail after amavis is done to it?

---
Tom Sommer

On 2014-10-30 20:16, Kent Oyer wrote:
> The messages come into Postfix first and Postfix creates a Received 
> header with the IP address of the originating server. Then Postfix 
> sends the message to localhost:10024 which is normally an instance of 
> amavis but in my case it's an instance of haproxy which load balances 
> between multiple amavis servers.
>        
> 
> -----Original Message-----
> From: Tom Sommer [mailto:mail at tomsommer.dk]
> Sent: Thursday, October 30, 2014 3:07 PM
> To: Tom Johnson
> Cc: Kent Oyer; amavis-users at amavis.org
> Subject: Re: Proxy protocol support
> 
> So how do you make sure the postfix and amavis instances see the IP of 
> the mailserver and not of the haproxy server?
> 
> ---
> Tom Sommer
> 
> On 2014-10-30 19:59, Tom Johnson wrote:
>> We just run postfix and amavisd-new on all our servers, and those sit 
>> behind haproxy.
>> 
>> 
>> 
>>> On Oct 30, 2014, at 11:53 AM, Kent Oyer <kent at micro-source.net>
>>> wrote:
>>> 
>>> Hi Tom,
>>> 
>>> I don't know if amavis supports the PROXY protocol but I kinda doubt 
>>> it. I've solved the problem by putting haproxy in between postfix 
>>> and amavis like this
>>> 
>>> --> Postfix (ingress) --> haproxy --> amavisd --> Postfix (egress)
>>> --> -->
>>> 
>>> The ingress Postfix server does all the SPF and RBL checks. Then it 
>>> sends the messages to haproxy which divides the load between several 
>>> amavis servers to do the heavy lifting. You should add the IP 
>>> address of the haproxy server to the trusted_networks list in Spamassassin.
>>> In my case, I'm running haproxy on the same machine as the ingress 
>>> Postfix server. So I have 2 Postfix/haproxy servers and 6 amavisd 
>>> servers followed by 2 Postfix egress servers. It been working great 
>>> so far.
>>> 
>>> Thanks
>>> Kent
>>> 
>>> -----Original Message-----
>>> From: Tom Sommer [mailto:mail at tomsommer.dk]
>>> Sent: Monday, October 27, 2014 8:42 AM
>>> To: amavis-users at amavis.org
>>> Subject: Proxy protocol support
>>> 
>>> Hi
>>> 
>>> Does amavis support the PROXY protocol?
>>> http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
>>> 
>>> I want to create an amavis cluster with a load-balancer in front of 
>>> all the nodes, I was thinking haproxy.
>>> I need the source IP in amavis to be the mailserver and not the load 
>>> balancer (to support forward_method=*), the PROXY protocol seem to 
>>> fix this?
>>> 
>>> Thanks
>>> 
>>> --
>>> Tom Sommer
>>> 
>>>

More information about the amavis-users mailing list