On 15/04/2023 12:53, Sebastian Arcus via Exim-users wrote:
> I have a number of Exim servers behind a NAT gateway (actually connected with
> vpn's to a cloud vps - but I'm hoping this is not relevant to this post). I
> would like the gateway to send incoming port 25 traffic to the correct Exim
> server based on SNI in incoming TLS packets - as different Exim instances serve
> different email domains. The setup would look like this:
>
>                      [Internet]
>                           |
>                           |
>                    (smtp port 25)
>                           |
>                           v
>                           |
>                    [Cloud server]
>                           |
>                           v
>                           |
>        ----------------------------------------
>        |                  |                   |
>        |                  |                   |
> [Exim server 1]    [Exim server 2]     [Exim server 3]
>
> I would have preferred to do this at IP tables level - but apparently not
> really possible. It seems the next option would be HAProxy. Has anyone here
> used HAProxy or run a setup as above, or know if this is actually doable? Any
> suggestions much appreciated.

Exim does talk the inbound-proxy protocol that HAProxy apparently uses (or can
use):
https://exim.org/exim-html-current/doc/html/spec_html/ch-proxies.html#SECTproxyInbound

I can't really help on other HAProxy facilities or config though.

Another option for you would be to use Exim itself as the fanout element at your
"cloud server". It has visibility of the SNI and could use that for routing.
Indeed, if the configurations needed for the "Exim server N" elements are
sufficiently similar and load & geography permits, you could collapse the lot
into a single Exim.
--
Cheers,
Jeremy