Wietse:
> A Postfix implementation will have to work for other use cases,
> too. It would be good to know how nginx in forward proxy mode
> handles or ignores client address and port info, now and in the
> foreseeable future.

Joachim Lindenberg via Postfix-users:
> I double checked documentation at
> https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_bind.
> One can bind to an ip address but not to a port. Also the [] in
> my proxy_bind turned out to cause errors in the logs but I
> had to remove them to get the address to be used. I don't really
> see a use case for using the port outbound except for the transparent
> use case, and probably the authors of nginx didn't either. Actually
> even the address can be irrelevant in many scenarios, I added it
> because I have ipv6 privacy enhancements enabled but wanted email
> to have a fixed ip with rDNS working.
>
> Wietse, can you please share use cases you have in mind besides
> the one I provided? I could try to do some testing.

The proxy protocol contains a protocol header, IP protocol version,
source address and port, destination address and port. Except for
source address and port everything has clear semantics. The Postfix
settings for the rest will have to be disabled to avoid conflicting
expectations.

Wietse:
> Presumably nginx closes the connection when it gives up, because
> there is no other way to provide information back to the client.
> It would be good to know what happens when the client gives up
> sooner than the proxy, now and in the foreseeable future.

Joachim Lindenberg:
> There are several timeouts which are configurable:
> https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_timeout
> https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_connect_timeout
> https://nginx.org/en/docs/stream/ngx_stream_core_module.html#proxy_protocol_timeout
>
> Afai can tell, any error results in the client connection being
> terminated with reasons only available in the error.log. Not sure
> this is a real problem except for diagnostic situations where an
> admin would have to look into two logs. In my scenario, the
> diagnostic codes within the connections are more relevant than
> connection drops.

Obviously, nginx will not know the Postfix SMTP client protocol
stage, and the nginx settings will have to match the largest Postfix
timeouts to avoid persistent mail delivery problems with some sites.
Settings optimal for Postfix may conflict with 'web' proxy usage.

I still don't like this architecture. Many moving parts that don't
know what the other parts are doing.

	Wietse
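
The header fields listed in the message above, laid out as a version 1 (text) PROXY protocol line with a strict parser for the receiving side. This is an added example, not code from Postfix, nginx or either poster; the function names and sample addresses are constructed for illustration, and the use of the v1 text format is an assumption.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

MAX_V1_HEADER = 107  # longest v1 line the PROXY protocol spec allows, CRLF included

class ProxyV1(NamedTuple):
    family: str                       # "TCP4", "TCP6" or "UNKNOWN"
    src: Optional[Tuple[str, int]]    # (address, port), None for UNKNOWN
    dst: Optional[Tuple[str, int]]

def build_v1(src_addr: str, src_port: int, dst_addr: str, dst_port: int) -> bytes:
    """Build the line a client sends before any application data."""
    src, dst = ipaddress.ip_address(src_addr), ipaddress.ip_address(dst_addr)
    if src.version != dst.version:
        raise ValueError("source and destination must use one IP version")
    family = "TCP4" if src.version == 4 else "TCP6"
    # Field order on the wire: src addr, dst addr, src port, dst port.
    return f"PROXY {family} {src} {dst} {src_port} {dst_port}\r\n".encode("ascii")

def _port(text: str) -> int:
    # Decimal digits only, no leading zeros, range 0..65535.
    if not text.isdigit() or (len(text) > 1 and text[0] == "0") or int(text) > 65535:
        raise ValueError(f"bad port field: {text!r}")
    return int(text)

def parse_v1(data: bytes) -> Tuple[ProxyV1, bytes]:
    """Return (header, remaining bytes); raise ValueError on anything malformed."""
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)   # CRLF must fall inside the size limit
    if end < 0:
        raise ValueError("no CRLF within the maximum header length")
    parts = data[:end].decode("ascii").split(" ")  # non-ASCII raises a ValueError subclass
    rest = data[end + 2:]
    if len(parts) < 2 or parts[0] != "PROXY":
        raise ValueError("missing PROXY signature")
    if parts[1] == "UNKNOWN":                      # sender gives no address information
        return ProxyV1("UNKNOWN", None, None), rest
    if parts[1] not in ("TCP4", "TCP6") or len(parts) != 6:
        raise ValueError("unsupported family or wrong field count")
    version = 4 if parts[1] == "TCP4" else 6
    src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
    if src.version != version or dst.version != version:
        raise ValueError("address does not match the declared family")
    return ProxyV1(parts[1], (str(src), _port(parts[4])), (str(dst), _port(parts[5]))), rest

if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, destination port 25.
    line = build_v1("2001:db8::25", 40000, "2001:db8:1::1", 25)
    print(line, parse_v1(line + b"EHLO client.example\r\n"))
```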