Thank you very much indeed for the quick response. I appreciate it and
I understand that XFORWARD is for logging and reporting purposes only.
I am afraid that HAPROXY is not an option for me but I will look
further at XCLIENT.
I think that this milter would probably have been better as a content
filter in my setup but it is not that. Changing one into the other
strikes me as less trivial than doing what Viktor suggested, i.e.
analyzing the relevant headers and gleening the information from there
exclusively for attribution, logging and reporting.
Thank you again, Anton
On Tue, 2024-09-10 at 08:21 -0400, Wietse Venema via Postfix-users
wrote:
> Anton Hofland via Postfix-users:
> > I have this milter that sits on a server which is not directly
> > connected to the internet. Instead there is an internet facing
> > firewall
> > mail server in front of it which has all the usual defences. There
> > are
> > many reasons for this, some of which are just my preferences.
>
> Use a firewall that does not change the remote client IP address.
> Even the cheapest firewalls can do that nowadays.
>
> > Anyway, I use the XFORWARD capability of Postfix to pass the
> > original
> > client address and other bits from the firewall mail server to the
> > server with the milter. This server also has content filters and
> > XFORWARD works well with those. However, the milter does not which
> > is
> > mostly the fault of the milter. It appears to use "i", "j" and
> > "{auth_authen}".
>
> XFORWARD does not override the client IP address. XFORWARD is for
> LOGGING ONLY.
>
> Use a better firewall. If that is not possible, use HAPROXY or
> XCLIENT to change the Milter's idea of the remote client IP address.
>
> Wietse
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail, if you have received this e-mail by mistake and delete
this e-mail from your system. E-mail transmission cannot be guaranteed to be
secure or error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses. The sender therefore
does not accept liability for any errors or omissions in the contents of this
message, which arise as a result of e-mail transmission.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
