Anton Hofland via Postfix-users:
> I have this milter that sits on a server which is not directly
> connected to the internet. Instead there is an internet facing firewall
> mail server in front of it which has all the usual defences. There are
> many reasons for this, some of which are just my preferences.
Use a firewall that does not change the remote client IP address.
Even the cheapest firewalls can do that nowadays.
> Anyway, I use the XFORWARD capability of Postfix to pass the original
> client address and other bits from the firewall mail server to the
> server with the milter. This server also has content filters and
> XFORWARD works well with those. However, the milter does not which is
> mostly the fault of the milter. It appears to use "i", "j" and
> "{auth_authen}".
XFORWARD does not override the client IP address. XFORWARD is for
LOGGING ONLY.
Use a better firewall. If that is not possible, use HAPROXY or
XCLIENT to change the Milter's idea of the remote client IP address.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
