Limiting smtpd_upstream_proxy_protocol to certain IPs

Thu, 20 Aug 2020 04:30:21 -0700 

Hi,
I had the unfortunate situation the other day, that the network my postfix mailserver is in, was suddenly not reachable from parts of the Internet. Basically Vodafone messed up some internal filters. While they were trying to sort things out, I was having a look to see how I could reduce the impact of that problem. 


Until now, I had refrained from using a backup-mx as spam control 
becomes much harder if there's multiple MX servers, especially when the 
primary MX is offline.
In this situation, my primary MX was not offline, only not reachable for 
everyone.



My plan was to setup a proxy on a backup machine somewhere else and just 
proxy 25/tcp to my primary MX. My initial plan was to use 
smtpd_upstream_proxy_protocol = haproxy and thus inform the smtpd of the 
real source IP of the connection to make limits etc. work again.



Turns out, this is not really possible because if I read the code at 
https://github.com/vdukhovni/postfix/blob/e1b52f45e32e042b84c935f2a29baadefc62ff2d/postfix/src/smtpd/smtpd_peer.c#L548 
correctly, using haproxy is an all or nothing setting. If it's active, 
every single connection needs to have the source/protocol definition 
from the HAProxy proxy protocol attached. If not, postfix assumes an 
error and hangs up.



What I did end up doing was setup a slightly modified Python SMTP proxy 
that I had previously written which adds X-Client information to the 
Session to make things work. This worked nicely for me.



That being said, I think that it would be a really nifty feature - 
similiar to the smtpd_authorized_xclient_hosts setting - to have a
smtpd_upstream_proxy_hosts setting which limits the 
hangup-if-no-proxy-information-available functionality to these peers.
e.g. regular unproxied smtp connections are possible in parallel to 
proxied connections. Hangups only happen if a connection without proxy 
information comes in from a host defined to be a proxy.



I'm happy to give it a shot and see if my rusty C skills are good enough 
to implement that, but would such a feature have any chance of being 
merged? Or do you think this is not a good idea? Or did I just read the 
code incorrectly and stuff actually works fine?


cheers,
 Andreas






















					Reply via email to