HaProxy-reverse-postfix-main.cf
· 591 B · CFEngine3
Raw
# This is required to support the proxy protocol to acquire the correct source ip address from whoever is connecting to this server
# It's really important to get this information because otherwise ALL your connections will come from your internal ip address
# Guess what you allow to send emails, without question? Thats right! You're $mynetworks. Which means because you cannot get the
# correct source ip address, it permits EVERYBODY TO SEND EMAIL THROUGH YOUR SERVER! You basically become an open relay
postscreen_upstream_proxy_protocol = haproxy
postscreen_upstream_proxy_timeout = 5s
| 1 | # This is required to support the proxy protocol to acquire the correct source ip address from whoever is connecting to this server |
| 2 | # It's really important to get this information because otherwise ALL your connections will come from your internal ip address |
| 3 | # Guess what you allow to send emails, without question? Thats right! You're $mynetworks. Which means because you cannot get the |
| 4 | # correct source ip address, it permits EVERYBODY TO SEND EMAIL THROUGH YOUR SERVER! You basically become an open relay |
| 5 | postscreen_upstream_proxy_protocol = haproxy |
| 6 | postscreen_upstream_proxy_timeout = 5s |
HaProxy-reverse-postfix-master.cf
· 363 B · CFEngine3
Raw
# from: from: https://serverfault.com/questions/922248/how-to-configure-postfix-behind-haproxy
# Exposed SMTP service (postscreen support is needed to support the proxy protocol [search postscreen_upstream_proxy_protocol in main.cf])
smtp inet n - - - 1 postscreen
smtpd pass - - - - - smtpd
| 1 | # from: from: https://serverfault.com/questions/922248/how-to-configure-postfix-behind-haproxy |
| 2 | # Exposed SMTP service (postscreen support is needed to support the proxy protocol [search postscreen_upstream_proxy_protocol in main.cf]) |
| 3 | smtp inet n - - - 1 postscreen |
| 4 | smtpd pass - - - - - smtpd |