You guys have been very helpful. Even if I needed a proxy, I should go with another postfix as proxy and not something else like nginx. The best solution is just a WAN-facing postfix/dovecot but still use nginx for my actual web. I fear a web exploit would gain access to everything including the database if it's all on the same box, that's all.
On 17.04.2014 19:04, sedandgrep wrote:
> Yes you are correct. MTAs do send direct to other domains. But if there isn't
> a way to get postfix to send via the proxy, it defeats the purpose for my
> use. A workaround is simply to place the postfix/dovecot server on a
> completely separate box and run no smtp/imap proxy at all. I would have
> better performance but I would rather have the proxy deployed in front of
> it. The idea is to protect the postfix server by not revealing its true IP

and what is the problem with its true IP?
if you don't trust your setup solve that problem

tell us *one* valid reason to not have the MTA directly on the WAN

and even if you find one then set up another postfix as "proxy",
configure it to strip the received headers from the backend
and enter that MTA in your config as relayhost

and if you are at it mask also the users' local addresses which are in
the received headers and no proxy will strip them away, there are
even good chances that you reveal your IP somewhere in the headers
even behind the proxy

honestly i am doing my job for some years now but i never faced a
setup with a MTA behind a proxy to mask his IP

--
View this message in context: http://postfix.1071664.n5.nabble.com/smtp-bind-address-not-working-through-proxy-tp67034p67120.html
Sent from the Postfix Users mailing list archive at Nabble.com.
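
The reply's warning that the backend can still show up in the headers behind a relay can be checked on a delivered message. The Python below is an added example, not part of the thread: `find_backend_leaks` is a hypothetical helper, and every address, host name and the sample message are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def find_backend_leaks(raw_message, backend_ips=(), backend_names=()):
    """Return (header, value) pairs exposing the backend or a client LAN address."""
    known = {ipaddress.ip_address(ip) for ip in backend_ips}
    names = [n.lower() for n in backend_names]
    leaks = []
    for header, value in message_from_string(raw_message).items():
        flat = " ".join(str(value).split())  # unfold continuation lines
        hits = set()
        for text in IPV4_RE.findall(flat):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # looks like an address but is not, e.g. 999.1.1.1
                continue
            if addr in known or any(addr in net for net in RFC1918):
                hits.add(text)
        # Host names leak too, for example in Received or Message-ID.
        hits.update(n for n in names if n in flat.lower())
        leaks.extend((header, hit) for hit in sorted(hits))
    return leaks

# Constructed sample: what a recipient sees when the relay strips nothing.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [203.0.113.25])
 by mx.example.org (Postfix) with ESMTPS id 4ABCD
Received: from backend.example.net (backend.example.net [198.51.100.7])
 by relay.example.net (Postfix) with ESMTP id 3XYZ
Received: from [192.168.1.50] (unknown [192.168.1.50])
 by backend.example.net (Postfix) with ESMTPSA id 2QRS
Message-ID: <20140417171000.2QRS@backend.example.net>
From: alice@example.net
Subject: test

body
"""

if __name__ == "__main__":
    for header, hit in find_backend_leaks(
            SAMPLE, ["198.51.100.7"], ["backend.example.net"]):
        print(f"{header}: exposes {hit}")
```

Run it against a test message delivered to an outside mailbox; an empty result means none of the listed backend identifiers or RFC 1918 addresses survived the relay.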