Proxy protocol support

Kent Oyer kent at micro-source.net
Thu Oct 30 20:26:18 CET 2014


After amavis is done it sends it to one of my egress Postfix servers. The forward_method parameter in amavisd.conf can accept an array of values:

$forward_method = [
        'smtp:[172.16.1.177]:25',
        'smtp:[172.16.2.238]:25'
        ];
$notify_method = $forward_method;

Release notes:

- SMTP and LMTP client code now accepts a listref of peer socket
  specifications, or a single scalar specification as before. This allows
  for a failover in case some server is down or refuses connections.
  It also provides a simpleminded load balancing between next-hop
  (re-entry) MTA servers, as the selection from a list is random.
  Session caching still works, so if a recently used SMTP/LMTP session
  is still open, it will be reused, in which case no server randomization
  takes place as long as the established session remains open.

Kent
       

-----Original Message-----
From: Tom Sommer [mailto:mail at tomsommer.dk] 
Sent: Thursday, October 30, 2014 3:19 PM
To: Kent Oyer
Cc: Tom Johnson; amavis-users at amavis.org
Subject: RE: Proxy protocol support

Right, but you need the haproxy to be transparent, or RBLs etc. won't work in amavis? and what happens to the mail after amavis is done to it?

---
Tom Sommer

On 2014-10-30 20:16, Kent Oyer wrote:
> The messages come into Postfix first and Postfix creates a Received 
> header with the IP address of the originating server. Then Postfix 
> sends the message to localhost:10024 which is normally an instance of 
> amavis but in my case it's an instance of haproxy which load balances 
> between multiple amavis servers.
>        
> 
> -----Original Message-----
> From: Tom Sommer [mailto:mail at tomsommer.dk]
> Sent: Thursday, October 30, 2014 3:07 PM
> To: Tom Johnson
> Cc: Kent Oyer; amavis-users at amavis.org
> Subject: Re: Proxy protocol support
> 
> So how do you make sure the postfix and amavis instances see the IP of 
> the mailserver and not of the haproxy server?
> 
> ---
> Tom Sommer
> 
> On 2014-10-30 19:59, Tom Johnson wrote:
>> We just run postfix and amavisd-new on all our servers, and those sit 
>> behind haproxy.
>> 
>> 
>> 
>>> On Oct 30, 2014, at 11:53 AM, Kent Oyer <kent at micro-source.net>
>>> wrote:
>>> 
>>> Hi Tom,
>>> 
>>> I don't know if amavis supports the PROXY protocol but I kinda doubt 
>>> it. I've solved the problem by putting haproxy in between postfix 
>>> and amavis like this
>>> 
>>> --> Postfix (ingress) --> haproxy --> amavisd --> Postfix (egress)
>>> --> -->
>>> 
>>> The ingress Postfix server does all the SPF and RBL checks. Then it 
>>> sends the messages to haproxy which divides the load between several 
>>> amavis servers to do the heavy lifting. You should add the IP 
>>> address of the haproxy server to the trusted_networks list in Spamassassin.
>>> In my case, I'm running haproxy on the same machine as the ingress 
>>> Postfix server. So I have 2 Postfix/haproxy servers and 6 amavisd 
>>> servers followed by 2 Postfix egress servers. It been working great 
>>> so far.
>>> 
>>> Thanks
>>> Kent
>>> 
>>> -----Original Message-----
>>> From: Tom Sommer [mailto:mail at tomsommer.dk]
>>> Sent: Monday, October 27, 2014 8:42 AM
>>> To: amavis-users at amavis.org
>>> Subject: Proxy protocol support
>>> 
>>> Hi
>>> 
>>> Does amavis support the PROXY protocol?
>>> http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
>>> 
>>> I want to create an amavis cluster with a load-balancer in front of 
>>> all the nodes, I was thinking haproxy.
>>> I need the source IP in amavis to be the mailserver and not the load 
>>> balancer (to support forward_method=*), the PROXY protocol seem to 
>>> fix this?
>>> 
>>> Thanks
>>> 
>>> --
>>> Tom Sommer
>>> 
>>> 


More information about the amavis-users mailing list