On Wed, Jan 07, 2015 at 01:31:45PM -0500, Wietse Venema wrote:
> Brad Riemann:
> > The issue, if you don't see it, is that postfix seems to be using
> > the load balancer ip as the last hop, and because the load balancer
> > is just pushing content through it is not recording the previous
> > hop to the headers, which is causing some issues..
>
> Postfix can get the client IP address from haproxy (uses haproxy
> protocol, supported in postscreen and smtpd) and from nginx (uses
> XCLIENT, supported in smtpd only).
>
> The client IP address is needed to for access decisions and for
> audit trail information (logging, headers, etc.).
>
> If your load balancer can provide that information, then I can try
> to add a driver to Postfix to use that information.
With F5/A10 load balancers it is common to configure them to inject
XCLIENT commands into the SMTP stream and then splice in the real
client EHLO/HELO after returning the server's banner.
Some folks using these at present might post a suitable connection
script or point you at a HOWTO for same.
--
Viktor.
