Andreas Thienemann:
> That being said, I think that it would be a really nifty feature -
> similar to the smtpd_authorized_xclient_hosts setting - to have a
> smtpd_upstream_proxy_hosts setting which limits the
> hangup-if-no-proxy-information-available functionality to these peers.
> e.g. regular unproxied smtp connections are possible in parallel to
> proxied connections. Hangups only happen if a connection without proxy
> information comes in from a host defined to be a proxy.
>
> I'm happy to give it a shot and see if my rusty C skills are good enough
> to implement that, but would such a feature have any chance of being
> merged? Or do you think this is not a good idea? Or did I just read the
> code incorrectly and stuff actually works fine?

This should probably be a postscreen_upstream_proxy_protocol_maps
feature that maps the client IP address to a proxy protocol. It
would be clumsy if one has to 'authorize' an IP address with one
main.cf setting and then has to use a separate setting to specify
the protocol.

Postfix cannot auto-detect if a connection is direct or haproxy,
because with a direct connection the server speaks first, while
with haproxy the client speaks first.

	Wietse
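
The per-peer decision discussed in this thread, as an added example (not Postfix code and not written by either poster): the peer address is looked up in a table of proxy networks, and only a listed peer is required to speak first with a PROXY v1 header. The names `proxy_nets` and `classify` and all addresses are constructed for illustration, and only `TCP4` headers are handled.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-peer table (constructed data); prefix bits must be 1..32. */
struct proxy_net { const char *net; int bits; };
static const struct proxy_net proxy_nets[] = { { "192.0.2.0", 28 } };
enum action { SEND_GREETING, ACCEPT_PROXIED, HANGUP };

/* Return 1 if the IPv4 peer address lies inside a listed proxy network. */
static int peer_is_proxy(const char *peer) {
    struct in_addr a, n;
    if (inet_pton(AF_INET, peer, &a) != 1) return 0;
    for (size_t i = 0; i < sizeof proxy_nets / sizeof proxy_nets[0]; i++) {
        uint32_t mask = htonl(~UINT32_C(0) << (32 - proxy_nets[i].bits));
        if (inet_pton(AF_INET, proxy_nets[i].net, &n) == 1
            && (a.s_addr & mask) == (n.s_addr & mask)) return 1;
    }
    return 0;
}

/* first_line: bytes the peer sent before any server output, or NULL.
 * On SEND_GREETING or ACCEPT_PROXIED, client holds the address to log. */
static enum action classify(const char *peer, const char *first_line,
                            char *client, size_t len) {
    char proto[8], src[46], dst[46];
    unsigned sport, dport;
    struct in_addr tmp;
    if (!peer_is_proxy(peer)) {        /* direct SMTP: server speaks first */
        snprintf(client, len, "%s", peer);
        return SEND_GREETING;
    }
    /* Listed proxy: the client speaks first and must send a v1 header. */
    if (first_line == NULL || strstr(first_line, "\r\n") == NULL
        || sscanf(first_line, "PROXY %7s %45s %45s %u %u",
                  proto, src, dst, &sport, &dport) != 5
        || strcmp(proto, "TCP4") != 0 || sport > 65535 || dport > 65535
        || inet_pton(AF_INET, src, &tmp) != 1)
        return HANGUP;
    snprintf(client, len, "%s", src);
    return ACCEPT_PROXIED;
}

int main(void) {                       /* demo with a constructed header */
    char c[46];
    int a = classify("192.0.2.5", "PROXY TCP4 203.0.113.9 192.0.2.5 51234 25\r\n", c, sizeof c);
    printf("action=%d client=%s\n", a, c);
    return 0;
}
```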