Am 17.04.2014 19:04, schrieb sedandgrep: > Yes you are correct. MTAs do send direct to other domains. But if there isn't > a way to get postfix to send via the proxy, it defeats the purpose for my > use. A workaround is simply to place the postfix/dovecot server on a > completely separate box and run no smtp/imap proxy at all. I would have > better performance but I would rather have the proxy deployed in front of > it. The idea is to protect the postfix server by not revealing its true IP
and what is the problem with it's true IP? if you don't trust your setup solve that problem tell us *one* valid reason to not have the MTA directly on the WAN and even if you find one then setup another postfix as "proxy" configure it to strip the received headers from the backend and enter that MTA in your config as relayhost and if you are at it mask also the users local addresses which are in the received headers and no proxy will strip them away, there are even good chances that you reveal your IP somewhere in the headers even behind the proxy honestly i am doing my job for some years now but i never faced a setup with a MTA behind a proxy to mask his IP
