Asai:
> > If you can't do this without losing the remote SMTP client IP
> > address, your options are:
> >
> > - Install HAproxy on the "router", configure HaProxy to forward
> >   mail to Postfix, and configure Postfix to use
> >   "smtpd_upstream_proxy_protocol = haproxy".
> >
> >   With this, Postfix CANNOT receive direct SMTP mail. It is not
> >   guessing if a connection is made directly or through HAproxy.
> >
> > - Install nginx on the "router", configure nginx to send XCLIENT
> >   commands to Postfix, and enable Postfix XCLIENT for the router's
> >   IP address with "smtpd_authorized_xclient_hosts = 1.2.3.4".
> >
> >   With this, Postfix can still receive direct SMTP mail.
> >
> > Wietse
>
> Thank you, Wietse, for your expertise here.
>
> If I may ask a couple more questions about this:
>
> With HAProxy, would it work to install a VM and point email traffic to
> it for both LAN and WAN traffic?

I don't understand this. What does it mean to point traffic (from
the internet? from the local network?) to a load balancer for LAN
(from the LAN? to the LAN?) or WAN (from the WAN? to the WAN?)
traffic?

Postfix supports load balancers for receiving mail. Postfix does
not support load balancers for sending mail.

> With Nginx XClient, would it also work to install this on a VM and have
> it handling incoming SMTP email traffic from the WAN while not affecting
> LAN SMTP traffic?

As I wrote, a Postfix SMTP server process can receive mail from an
SMTP client and through nginx/XCLIENT.

As I wrote, a Postfix SMTP server process cannot (receive mail from
an SMTP client) and (receive mail through HAproxy). You would need
to configure in master.cf a second smtpd process on a different
port or IP address, and use one process for SMTP clients and the
other for HaProxy.

> Do either of these options affect SMTP authentication over port 587?

HAproxy does not interfere with SMTP AUTH, it just passes bits.

You want to disable nginx SMTP AUTH support so that Postfix will
do it. nginx can do SMTP AUTH but that is only good for logging.

Wietse
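
The two-listener layout described in the reply above, sketched as an added example (not part of the original thread and not configuration from the Postfix project). The addresses 192.0.2.10 (HAProxy VM) and 192.0.2.20 (Postfix host) and the port 2525 are assumptions chosen for illustration.

```conf
# ---- /etc/postfix/master.cf on the Postfix host (assumed 192.0.2.20) ----
# service                type  private unpriv chroot wakeup maxproc command

# Listener 1: direct SMTP clients (e.g. LAN hosts). No proxy protocol here.
smtp                     inet  n       -      n      -      -       smtpd

# Listener 2: HAProxy only. This smtpd expects the proxy protocol header on
# every connection, so it cannot also serve direct SMTP clients.
# Postfix takes the client address from that header, so bind this listener
# to an address only the proxy can reach, or firewall the port so that
# only 192.0.2.10 can connect (assumed proxy address).
192.0.2.20:2525          inet  n       -      n      -      -       smtpd
    -o smtpd_upstream_proxy_protocol=haproxy

# ---- /etc/haproxy/haproxy.cfg on the proxy VM (assumed 192.0.2.10) ----
defaults
    mode tcp
    timeout connect 5s
    timeout client  5m
    timeout server  5m

frontend smtp_in
    # WAN-facing SMTP; HAProxy only passes bytes, it does not speak SMTP.
    bind :25
    default_backend postfix_smtp

backend postfix_smtp
    # send-proxy prepends the proxy protocol header that carries the
    # original client IP address to the Postfix listener on port 2525.
    server postfix 192.0.2.20:2525 send-proxy
```

With this layout, the Postfix log for mail arriving through port 2525 should show the remote client's address rather than 192.0.2.10, while hosts that connect straight to port 25 are handled by the first listener.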