Thanks Viktor, I think I did figure out how to do this, but am getting odd pipelining errors when we add the xclient and new ehlo/helo headers.

Jan 8 08:14:00 mta01 postfix/smtpd[16360]: connect from edge.dc1.domain.com[172.16.###.###]
Jan 8 08:14:00 mta01 postfix/smtpd[16360]: improper command pipelining after EHLO from edge.dc1.domain.com[172.16.###.###]: XCLIENT NAME=wsip-98-190-218-47.ga.at.cox.net ADDR=98.190.218.47\r\nEHLO wsip-98-190-218-47.ga.at.cox.

I'm not familiar with the pipelining error. I've done some searching, and usually people have issues with it if the client doesn't disconnect at the end of the message, not at the top of the message. Any thoughts?

Brad

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Viktor Dukhovni
Sent: Wednesday, January 07, 2015 12:37 PM
To: postfix-users@postfix.org
Subject: Re: Issues using Postfix behind a load balancer

On Wed, Jan 07, 2015 at 01:31:45PM -0500, Wietse Venema wrote:

> Brad Riemann:
> > The issue, if you don't see it, is that postfix seems to be using
> > the load balancer ip as the last hop, and because the load balancer
> > is just pushing content through it is not recording the previous hop
> > to the headers, which is causing some issues..
>
> Postfix can get the client IP address from haproxy (uses haproxy
> protocol, supported in postscreen and smtpd) and from nginx (uses
> XCLIENT, supported in smtpd only).
>
> The client IP address is needed for access decisions and for audit
> trail information (logging, headers, etc.).
>
> If your load balancer can provide that information, then I can try to
> add a driver to Postfix to use that information.

With F5/A10 load balancers it is common to configure them to inject XCLIENT commands into the SMTP stream and then splice in the real client EHLO/HELO after returning the server's banner. Some folks using these at present might post a suitable connection script or point you at a HOWTO for same.

--
Viktor.
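
Added example, not part of the original thread: a small Python parser for the "improper command pipelining" warning quoted above, reporting which command smtpd had just read and which commands were already queued behind it before the server replied. The sample log is constructed (placeholder host names and documentation-range addresses), and the function and field names are hypothetical.

```python
import re

# Constructed sample modelled on the log lines in the post; host names and
# addresses are placeholders from the documentation ranges.
SAMPLE_LOG = (
    "Jan  8 08:14:00 mta01 postfix/smtpd[16360]: connect from "
    "lb.example.com[192.0.2.10]\n"
    "Jan  8 08:14:00 mta01 postfix/smtpd[16360]: improper command pipelining "
    "after EHLO from lb.example.com[192.0.2.10]: XCLIENT "
    "NAME=client.example.net ADDR=203.0.113.47\\r\\nEHLO client.example.net\n"
)

# "after <CMD>" is the command smtpd had just read; the text after the final
# colon is the input that was already waiting before smtpd replied to it.
PIPELINING = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: improper command pipelining after "
    r"(?P<after>\S+) from (?P<host>[^\[\s]+)\[(?P<addr>[^\]]+)\]: (?P<early>.*)$"
)

def parse_pipelining(line):
    """Return a dict describing one pipelining warning, or None."""
    m = PIPELINING.search(line)
    if m is None:
        return None
    # The log shows CR LF as the four characters \r\n, so split on that text.
    early = [c.strip() for c in m.group("early").split("\\r\\n") if c.strip()]
    verbs = [c.split(None, 1)[0].upper() for c in early]
    return {
        "pid": int(m.group("pid")),
        "peer": f"{m.group('host')}[{m.group('addr')}]",
        "after": m.group("after"),
        "early_commands": early,
        # XCLIENT in the early data means the sender did not wait for the
        # reply to the preceding command before injecting it.
        "xclient_sent_early": "XCLIENT" in verbs,
        # Anything queued behind XCLIENT was sent before XCLIENT's own reply.
        "sent_behind_xclient": verbs[verbs.index("XCLIENT") + 1:]
        if "XCLIENT" in verbs else [],
    }

def scan(log_text):
    """Parse every pipelining warning found in a block of log text."""
    hits = (parse_pipelining(line) for line in log_text.splitlines())
    return [h for h in hits if h is not None]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with `xclient_sent_early` set points at a load balancer connection script that writes its commands in one burst instead of waiting for each server reply.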