Malin a révisé ce gist . Aller à la révision
2 files changed, 10 insertions
HaProxy-reverse-postfix-main.cf(fichier créé)
| @@ -0,0 +1,6 @@ | |||
| 1 | + | # This is required to support the proxy protocol to acquire the correct source ip address from whoever is connecting to this server | |
| 2 | + | # It's really important to get this information because otherwise ALL your connections will come from your internal ip address | |
| 3 | + | # Guess what you allow to send emails, without question? Thats right! You're $mynetworks. Which means because you cannot get the | |
| 4 | + | # correct source ip address, it permits EVERYBODY TO SEND EMAIL THROUGH YOUR SERVER! You basically become an open relay | |
| 5 | + | postscreen_upstream_proxy_protocol = haproxy | |
| 6 | + | postscreen_upstream_proxy_timeout = 5s | |
HaProxy-reverse-postfix-master.cf(fichier créé)
| @@ -0,0 +1,4 @@ | |||
| 1 | + | # from: from: https://serverfault.com/questions/922248/how-to-configure-postfix-behind-haproxy | |
| 2 | + | # Exposed SMTP service (postscreen support is needed to support the proxy protocol [search postscreen_upstream_proxy_protocol in main.cf]) | |
| 3 | + | smtp inet n - - - 1 postscreen | |
| 4 | + | smtpd pass - - - - - smtpd | |
Plus récent
Plus ancien