Chris is the one who mentioned it (haproxy) and FWIW, based on the requirements you’ve stated in this thread, Chris’s setup seems to be pretty almost exactly what you want to do.

In case it got overlooked, I include the key EM here:

### BEGIN ###

I have 3 instances of postfix running (because I travel) but this can work with 2. 1 server in the cloud, 2 locally one home one office. The 2 local postfix instances only accept public email from the cloud VM, but they accept local email (ipcams, for example on the LAN). The MX record points to the cloud VM, should it pass the spam test then the 'clean' email is relayed to 1 of the 2 local postfix servers. The local servers then deliver to a local Dovecot, where I access my email from a local private IP on the LAN.

Think of the flow like this.

public email > Cloud VM (postscreen/rspamd test passes) > local Postfix > local Dovecot.

Whichever local Dovecot received the message will replicate to the other site.

I think of it this way, the email is coming from the public internet, so scan it while it's out on the public internet. If it passes the test, then it's considered 'good enough' to be delivered to one of the local servers. Internal email like ipcams, server emails never leave the local LAN (except to be replicated to the other local site).

Hope that makes sense.

Chris.

### END ###

> On Jun 9, 2019, at 4:46 PM, Ronald F. Guilmette <r...@tristatelogic.com> wrote:
>
> In message <45mwkn2svqzj...@spike.porcupine.org>,
> Wietse wrote:
>
>>> Please clarify what I am missing if anything?
>>
>> I understand that Ron wants to run Postfix on a static IP address
>> in the cloud, but he does not want to store his email there, so
>> that rules out IMAP.
>
> Yes. Exactly.
>
> The more I think about this (transparent TCP/25 proxying) idea, the more
> I think it ought to work. I just have to find the Right proxy software.
>
> Somebody mentioned haproxy and I'm looking at that now. It might do the
> job.
>
> The problem will be convincing it to dynamically -change- the one and only
> -other- IP address that it is proxying traffic to/from based on dynamic
> changes to some (dynamic) DNS FQDN. If it can be coerced into doing that
> then I think this will work.
>
> So anyway, that will be a total solution for the inbound side. My outbound
> mail will have to be handled entirely separately. For that, I'll have to
> use someone else's smarthost, or else roll my own, which is easy enough
> to do, I think.
>
> If I get this all working, I'll have to do some modest write-up on it.
> I already have a title!
>
> How To Run An SMTP Server on a Dynamic Line AND Get Away With It
>
> :-)
>
>
> Regards,
> rfg
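
The DNS-following TCP/25 proxy asked about in the quoted message, sketched as an haproxy configuration. This is an added example, not a configuration posted by anyone in the thread; the hostname `mail.dyn.example.net`, the resolver address `192.0.2.53` and the section names are placeholders.

```haproxy
# Added example: cloud VM forwards inbound SMTP to a home Postfix whose
# address changes. All names and addresses below are placeholders.

defaults
    mode    tcp                 # plain TCP relay, no SMTP parsing
    timeout connect 10s
    timeout client  5m          # SMTP dialogues can be slow; keep generous
    timeout server  5m

# Resolver haproxy queries at runtime. Without a resolvers section the
# backend name is resolved once at startup and never again.
resolvers dyn
    nameserver ns1 192.0.2.53:53
    resolve_retries 3
    timeout resolve 1s
    timeout retry   1s
    hold valid      30s         # treat an answer as current for at most 30s

frontend smtp_in
    bind :25
    default_backend home_postfix

backend home_postfix
    # resolvers dyn             re-resolve the dynamic FQDN while running
    # init-addr last,libc,none  start even if the name does not resolve yet
    # send-proxy                pass the real client IP (PROXY protocol v1),
    #                           otherwise every session appears to come from
    #                           the cloud VM and client-IP checks are useless
    server home mail.dyn.example.net:25 resolvers dyn resolve-prefer ipv4 init-addr last,libc,none send-proxy check inter 30s

# Matching setting on the home Postfix (main.cf), one of:
#   postscreen_upstream_proxy_protocol = haproxy   (postscreen listens on 25)
#   smtpd_upstream_proxy_protocol = haproxy        (smtpd listens on 25)
```

A listener that accepts the PROXY protocol trusts whatever source address the header claims, so port 25 on the home side should be firewalled to the cloud VM's address only, which matches the "only accept public email from the cloud VM" rule in Chris's setup.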