1

Topic: postscreen and Haproxy

- iRedMail version (check /etc/iredmail-release):  0.9.5-1
- Linux/BSD distribution name and version:  centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? NO
- Related log if you're reporting an issue:



Hi, I'm using HAProxy with postscreen like here:

http://blog.haproxy.com/2012/06/30/effi … balancers/


but postscreen only transports traffic.
Is it possible to set up postscreen to transport traffic and block non-legitimate traffic?

Now in maillog I have only transport:

Feb  9 10:00:01 mail4 postfix/postscreen[11904]: CONNECT from [xxx]:63585 to [xxx]:587
Feb  9 10:00:01 mail4 postfix/postscreen[11904]: WHITELISTED [xxx]:63585


2

Re: postscreen and Haproxy

fisher006 wrote:

Is it possible to set up postscreen to transport traffic and block non-legitimate traffic?

What do you mean "non legitimate traffic"?

3

Re: postscreen and Haproxy

Now, postscreen only transports traffic from HAProxy to the iRedMail server.
I want to use postscreen to block with RBLs etc.

4

Re: postscreen and Haproxy

iRedMail has DNSBL services enabled in postscreen:

postscreen_dnsbl_sites =
    zen.spamhaus.org=127.0.0.[2..11]*3
    b.barracudacentral.org=127.0.0.[2..11]*2

So it should work as you expect.
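To see how the two entries above turn into a verdict, here is an added example (not code from the thread, iRedMail or Postfix) that re-implements postscreen's scoring rule: each `domain=filter*weight` entry whose DNSBL reply matches the filter contributes its weight, and a client is rejected when the sum reaches `postscreen_dnsbl_threshold`. The handling of an entry without a filter (any 127.0.0.x reply counts) is an assumption made for the example; check postscreen(8) for the exact rule. The DNSBL replies passed in are constructed, not real lookups.

```python
import re
from typing import Dict, List, Optional, Tuple

# Added example: mimics postscreen_dnsbl_sites scoring. Not part of Postfix.
SITE_RE = re.compile(r"^(?P<domain>[^=*\s]+)(?:=(?P<filter>[^*\s]+))?(?:\*(?P<weight>-?\d+))?$")
OCTET = r"(\d+|\[\d+\.\.\d+\])"
FILTER_RE = re.compile(rf"^{OCTET}\.{OCTET}\.{OCTET}\.{OCTET}$")
RANGE_RE = re.compile(r"\[(\d+)\.\.(\d+)\]")


def parse_dnsbl_sites(spec: str) -> List[Tuple[str, Optional[str], int]]:
    """Turn a postscreen_dnsbl_sites value into (domain, filter, weight) tuples.
    Entries are separated by whitespace or commas; a missing weight means 1."""
    sites = []
    for token in spec.replace(",", " ").split():
        m = SITE_RE.match(token)
        if not m:
            raise ValueError(f"bad postscreen_dnsbl_sites entry: {token!r}")
        weight = int(m.group("weight")) if m.group("weight") else 1
        sites.append((m.group("domain"), m.group("filter"), weight))
    return sites


def reply_matches(filter_: Optional[str], reply: str) -> bool:
    """True when a DNSBL A-record reply matches a filter such as 127.0.0.[2..11]."""
    if filter_ is None:
        # Assumption for this example: with no filter, any 127.0.0.x listing counts.
        return reply.startswith("127.0.0.")
    fm = FILTER_RE.match(filter_)
    r_octets = reply.split(".")
    if not fm or len(r_octets) != 4 or not all(o.isdigit() for o in r_octets):
        return False
    for f, r in zip(fm.groups(), r_octets):
        rng = RANGE_RE.fullmatch(f)
        if rng:
            if not int(rng.group(1)) <= int(r) <= int(rng.group(2)):
                return False
        elif f != r:
            return False
    return True


def dnsbl_score(sites, replies: Dict[str, List[str]]) -> int:
    """Sum the weights of every site whose reply matches that site's filter.
    `replies` maps a DNSBL domain to the A records returned for the client;
    a missing domain or an empty list means 'not listed there'."""
    score = 0
    for domain, filter_, weight in sites:
        if any(reply_matches(filter_, a) for a in replies.get(domain, [])):
            score += weight
    return score


def postscreen_verdict(spec: str, threshold: int, replies: Dict[str, List[str]]) -> str:
    """postscreen_dnsbl_threshold is an inclusive lower bound: score >= threshold
    rejects the client (with postscreen_dnsbl_action = enforce); otherwise it passes."""
    score = dnsbl_score(parse_dnsbl_sites(spec), replies)
    return "reject" if score >= threshold else "pass"


if __name__ == "__main__":
    spec = "zen.spamhaus.org=127.0.0.[2..11]*3 b.barracudacentral.org=127.0.0.[2..11]*2"
    # Constructed replies: listed only on Barracuda with a 127.0.0.2 answer.
    print(postscreen_verdict(spec, 2, {"b.barracudacentral.org": ["127.0.0.2"]}))
```

With the threshold of 2 used later in this thread, a single Barracuda listing (weight 2) is already enough to reject, while a Spamhaus reply outside the 2..11 range (for example 127.0.0.1) contributes nothing.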

5 (edited by fisher006 2017-02-09 18:41:59)

Re: postscreen and Haproxy

I have in main.cf:

postscreen_upstream_proxy_protocol = haproxy

postscreen_dnsbl_threshold = 2
postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_greet_action = enforce
postscreen_dnsbl_action = enforce
postscreen_blacklist_action = enforce

but in maillog I have only:

Feb  9 10:00:01 mail4 postfix/postscreen[11904]: CONNECT from [xxx]:63585 to [xxx]:587
Feb  9 10:00:01 mail4 postfix/postscreen[11904]: WHITELISTED [xxx]:63585

Maybe the problem is in master.cf?

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
10023     inet  n     -     n     -     1     postscreen
smtp      inet  n    -    n    -    -    smtpd
smtpd     pass  -    -    n    -    -    smtpd
dnsblog   unix  -    -    n    -    0    dnsblog
tlsproxy  unix  -    -    n    -    0    tlsproxy
#submission inet n    -    n    -    -    smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING


submission inet n       -       n       -    -    smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026



#smtps     inet  n       -       n       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}

# Use dovecot deliver program as LDA.
dovecot unix    -       n       n       -       -      pipe
 flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}

# Amavisd integration.
smtp-amavis unix -  -   n   -   60  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=120


#127.0.0.1:10025 inet n    -    n    -    - smtpd
#    -o content_filter=
#    -o local_recipient_maps=
#    -o relay_recipient_maps=
#    -o smtpd_restriction_classes=
#    -o smtpd_client_restrictions=
#    -o smtpd_helo_restrictions=
#    -o smtpd_sender_restrictions=
#    -o smtpd_recipient_restrictions=permit_mynetworks,reject
#    -o mynetworks=127.0.0.0/8
#    -o strict_rfc821_envelopes=yes
#    -o smtpd_error_sleep_time=0
#    -o smtpd_soft_error_limit=1001
#    -o smtpd_hard_error_limit=1000

127.0.0.1:10025 inet n  -   n   -   -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o strict_rfc821_envelopes=yes
    -o smtp_tls_security_level=none
    -o smtpd_tls_security_level=none
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
    -o smtpd_milters=
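The maillog excerpt in this post shows only CONNECT followed by WHITELISTED, which is what `postscreen_access_list = permit_mynetworks` produces when the address postscreen sees is in `mynetworks`; behind HAProxy without the PROXY protocol that address is the proxy's own, so the DNSBL and pregreet tests are never reached. The following added script (not from the thread or iRedMail) summarises postscreen log lines per client address and flags that pattern. The sample lines and the addresses 10.0.0.2, 198.51.100.9 and 192.0.2.44 are constructed placeholders.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List

# Added example: per-client summary of postscreen events. Not part of Postfix/iRedMail.
EVENT_RE = re.compile(
    r"postfix/postscreen\[\d+\]: "
    r"(?P<event>CONNECT|WHITELISTED|BLACKLISTED|PASS NEW|PASS OLD|DNSBL rank (?P<rank>\d+)|"
    r"PREGREET|HANGUP|NOQUEUE: reject)\b.*?\[(?P<ip>[0-9a-fA-F.:]+)\]:\d+"
)


def summarize_postscreen(lines: Iterable[str]) -> Dict[str, Dict[str, int]]:
    """Count postscreen events per client address; DNSBL lines are folded into a
    'DNSBL' counter plus the highest rank seen ('max_dnsbl_rank')."""
    summary: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue  # not a postscreen line we track (smtpd, cleanup, qmgr, ...)
        ip = m.group("ip")
        if m.group("rank"):
            summary[ip]["DNSBL"] += 1
            summary[ip]["max_dnsbl_rank"] = max(summary[ip]["max_dnsbl_rank"], int(m.group("rank")))
        else:
            summary[ip][m.group("event")] += 1
    return {ip: dict(c) for ip, c in summary.items()}


def proxy_masking_suspected(summary: Dict[str, Dict[str, int]], min_connects: int = 3) -> List[str]:
    """Heuristic: one address accounts for every CONNECT, each one is WHITELISTED and
    nothing else is ever logged for it. That is what a proxy listed in mynetworks looks
    like when it does not pass the real client address on to postscreen."""
    total = sum(c.get("CONNECT", 0) for c in summary.values())
    suspects = []
    for ip, c in summary.items():
        connects = c.get("CONNECT", 0)
        if (connects >= min_connects and connects == total
                and c.get("WHITELISTED", 0) == connects
                and set(c) <= {"CONNECT", "WHITELISTED"}):
            suspects.append(ip)
    return suspects


# Constructed sample logs (placeholder addresses), modelled on the lines quoted above.
MASKED_LOG = [
    "Feb  9 10:00:01 mail4 postfix/postscreen[11904]: CONNECT from [10.0.0.2]:63585 to [10.0.0.10]:25",
    "Feb  9 10:00:01 mail4 postfix/postscreen[11904]: WHITELISTED [10.0.0.2]:63585",
    "Feb  9 10:00:07 mail4 postfix/postscreen[11904]: CONNECT from [10.0.0.2]:63590 to [10.0.0.10]:25",
    "Feb  9 10:00:07 mail4 postfix/postscreen[11904]: WHITELISTED [10.0.0.2]:63590",
    "Feb  9 10:00:12 mail4 postfix/postscreen[11904]: CONNECT from [10.0.0.2]:63602 to [10.0.0.10]:25",
    "Feb  9 10:00:12 mail4 postfix/postscreen[11904]: WHITELISTED [10.0.0.2]:63602",
]
REAL_CLIENT_LOG = [
    "Feb  9 10:05:00 mail4 postfix/postscreen[11904]: CONNECT from [198.51.100.9]:5120 to [10.0.0.10]:25",
    "Feb  9 10:05:00 mail4 postfix/postscreen[11904]: PREGREET 11 after 0.12 from [198.51.100.9]:5120: EHLO spam",
    "Feb  9 10:05:01 mail4 postfix/postscreen[11904]: DNSBL rank 5 for [198.51.100.9]:5120",
    "Feb  9 10:05:01 mail4 postfix/postscreen[11904]: NOQUEUE: reject: RCPT from [198.51.100.9]:5120: "
    "550 5.7.1 Service unavailable; client [198.51.100.9] blocked using zen.spamhaus.org; "
    "from=<a@example.net>, to=<b@example.org>, proto=ESMTP, helo=<spam>",
    "Feb  9 10:06:00 mail4 postfix/postscreen[11904]: CONNECT from [192.0.2.44]:40001 to [10.0.0.10]:25",
    "Feb  9 10:06:05 mail4 postfix/postscreen[11904]: PASS NEW [192.0.2.44]:40001",
]

if __name__ == "__main__":
    print(summarize_postscreen(MASKED_LOG))
    print("masking suspected for:", proxy_masking_suspected(summarize_postscreen(MASKED_LOG)))
    print(summarize_postscreen(REAL_CLIENT_LOG))
```

Run it against a real maillog with `summarize_postscreen(open("/var/log/maillog"))`; if the only address that ever appears is the proxy's and everything is WHITELISTED, the DNSBL settings are not being exercised at all.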

6

Re: postscreen and Haproxy

fisher006 wrote:

10023     inet  n     -     n     -     1     postscreen

You're running postscreen service on port 10023.

7

Re: postscreen and Haproxy

Yes, and when I change 10023 to smtp, HAProxy doesn't work. Maybe you have an idea why, and what the correct settings are. The configuration is from here:

http://blog.haproxy.com/2012/06/30/effi … balancers/

8

Re: postscreen and Haproxy

If I change

10023     inet  n      -     n     -     1     postscreen
smtp      inet  n    -    n    -    -    smtpd
smtpd     pass  -     -    n    -    -    smtpd
dnsblog   unix  -     -    n    -    0    dnsblog
tlsproxy  unix  -     -    n    -    0    tlsproxy

to

#smtp       inet  n     -     -     -     -     smtpd
smtp      inet  n    -    n    -    1    postscreen
smtpd     pass  -    -    n    -    -    smtpd
dnsblog   unix  -    -    n    -    0    dnsblog
tlsproxy  unix  -    -    n    -    0    tlsproxy

I get this error:
Feb  9 22:52:09 mail4 postfix/postscreen[19681]: warning: haproxy read: time limit exceeded
Feb  9 22:52:10 mail4 postfix/postscreen[19681]: warning: haproxy read: time limit exceeded
Feb  9 22:52:10 mail4 postfix/postscreen[19681]: warning: haproxy read: time limit exceeded
Feb  9 22:52:11 mail4 postfix/postscreen[19681]: warning: haproxy read: time limit exceeded
Feb  9 22:52:11 mail4 postfix/postscreen[19681]: warning: haproxy read: time limit exceeded
Feb  9 22:52:11 mail4 postfix/postscreen[19681]: warning: haproxy read: time limit exceeded

9

Re: postscreen and Haproxy

I didn't get this error at all with postscreen running on port 25 (and this is what we expect postscreen to listen on).

10

Re: postscreen and Haproxy

ZhangHuangbin wrote:

I didn't get this error at all with postscreen running on port 25 (and this is what we expect postscreen to listen on).



Hey Zhang,
I have the same problem here.
The thing is, if you look at the guide that he showed you, it says to use another port for the connection between the proxy and the Postfix server.

But it doesn't really work in the iRedMail system for some reason.
I want the proxy server to send the client's IP address to iRedMail.

Any suggestions?
Thank you!

11

Re: postscreen and Haproxy

I think your HAProxy + Postfix configuration is not right.

Incoming SMTP traffic -> HAProxy (port 25) -> Postfix (port 25, postscreen service)

No extra port is required at all. But you must configure HAProxy to send the real client IP address; also, whitelist your HAProxy server's (private) IP in Postfix for the postscreen service. It works perfectly for us.
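"Send the real client IP address" means HAProxy prefixes each forwarded connection with a PROXY protocol line (HAProxy's `send-proxy` backend option), which is the line postscreen reads first when `postscreen_upstream_proxy_protocol = haproxy` is set. The added example below (not code from the thread, HAProxy or Postfix) builds and parses that v1 line and classifies what postscreen sees on a fresh connection. It also shows the failure from post 8: a normal SMTP client waits for the 220 banner and sends nothing, so a client that reaches the postscreen port without going through HAProxy never delivers a PROXY line, and postscreen gives up after `postscreen_upstream_proxy_timeout` with "haproxy read: time limit exceeded". The addresses used are documentation placeholders.

```python
import ipaddress
import re
from typing import Optional, Tuple

# Added example: PROXY protocol v1 helper. Not part of HAProxy or Postfix.
MAX_V1_LEN = 107  # longest legal v1 line including CRLF, per the PROXY protocol spec
V1_RE = re.compile(
    r"^PROXY (?P<fam>TCP4|TCP6|UNKNOWN)"
    r"(?: (?P<src>\S+) (?P<dst>\S+) (?P<sport>\d{1,5}) (?P<dport>\d{1,5}))?\r\n$"
)


def build_proxy_v1(src_ip: str, dst_ip: str, src_port: int, dst_port: int) -> bytes:
    """Compose the line a proxy sends before the first SMTP byte of the client."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if src.version != dst.version:
        raise ValueError("source and destination address families differ")
    for port in (src_port, dst_port):
        if not 0 < port <= 65535:
            raise ValueError(f"port out of range: {port}")
    fam = "TCP4" if src.version == 4 else "TCP6"
    line = f"PROXY {fam} {src} {dst} {src_port} {dst_port}\r\n".encode("ascii")
    if len(line) > MAX_V1_LEN:
        raise ValueError("PROXY line too long")
    return line


def parse_proxy_v1(data: bytes) -> Tuple[Optional[dict], bytes]:
    """Return (client_info, remaining_bytes), or (None, data) when no valid PROXY
    line leads the stream. The remaining bytes are the client's own SMTP traffic."""
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if end < 0:
        return None, data
    m = V1_RE.match(data[:end + 2].decode("ascii", errors="replace"))
    if not m:
        return None, data
    rest = data[end + 2:]
    if m.group("fam") == "UNKNOWN":
        return {"family": "UNKNOWN"}, rest  # proxy could not determine the client
    try:
        src, dst = ipaddress.ip_address(m.group("src")), ipaddress.ip_address(m.group("dst"))
    except ValueError:
        return None, data
    want = 4 if m.group("fam") == "TCP4" else 6
    sport, dport = int(m.group("sport")), int(m.group("dport"))
    if src.version != want or dst.version != want or not (0 < sport <= 65535 and 0 < dport <= 65535):
        return None, data
    return {"family": m.group("fam"), "src": str(src), "dst": str(dst),
            "src_port": sport, "dst_port": dport}, rest


def classify_first_bytes(data: bytes) -> str:
    """What the haproxy handshake in postscreen is looking at:
    'proxy'   - a valid PROXY line; the real client address is recoverable;
    'waiting' - nothing received yet, which is exactly how a direct SMTP client
                looks (it waits for the 220 banner) until the proxy timeout
                expires and "haproxy read: time limit exceeded" is logged;
    'direct'  - bytes arrived, but they are not a PROXY line."""
    if not data:
        return "waiting"
    info, _ = parse_proxy_v1(data)
    return "proxy" if info else "direct"


if __name__ == "__main__":
    # Constructed exchange: HAProxy forwards a client from 203.0.113.7 to a backend at 10.0.0.5.
    header = build_proxy_v1("203.0.113.7", "10.0.0.5", 40000, 25)
    print(header)
    print(parse_proxy_v1(header + b"EHLO client.example\r\n"))
    print(classify_first_bytes(b""))  # a direct client, still waiting for the banner
```

The practical consequence for this thread is visible in `classify_first_bytes`: the same listener cannot serve both proxied connections (which start with a PROXY line) and direct local clients such as a webmail on 127.0.0.1 (which send nothing until greeted), which is why the later replies separate them onto different ports.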

12

Re: postscreen and Haproxy

ZhangHuangbin wrote:

I think your HAProxy + Postfix configuration is not right.

Incoming SMTP traffic -> HAProxy (port 25) -> Postfix (port 25, postscreen service)

No extra port is required at all. But you must configure HAProxy to send the real client IP address; also, whitelist your HAProxy server's (private) IP in Postfix for the postscreen service. It works perfectly for us.


The problem is when I use this option in main.cf:

postscreen_upstream_proxy_protocol = haproxy

I'm not able to send messages from the webmail anymore,
and I'm not able to communicate with Postfix on 127.0.0.1.

13

Re: postscreen and Haproxy

raz wrote:

I'm not able to send messages from the webmail anymore,
and I'm not able to communicate with Postfix on 127.0.0.1.

Webmail and other mail clients (Outlook, Thunderbird) should use port 587, not port 25. So there is no conflict in this case. The problem is: why do you use port 25 to send out email?

14

Re: postscreen and Haproxy

Hey Zhang,
I thought that when webmail communicates with Postfix on 127.0.0.1 it uses port 25,
but still, I cannot communicate from webmail to Postfix.

When this option is enabled (postscreen_upstream_proxy_protocol = haproxy) in main.cf
you don't see any connection in mail.log (only from HAProxy),
but when it's disabled:

Apr 18 10:22:44 my postfix/postscreen[14593]: CONNECT from [127.0.0.1]:53472 to [127.0.0.1]:25
Apr 18 10:22:44 my postfix/postscreen[14593]: WHITELISTED [127.0.0.1]:53472
Apr 18 10:22:44 my postfix/smtpd[14594]: connect from my.server.email[127.0.0.1]
Apr 18 10:22:45 my postfix/smtpd[14594]: 0151F5FE20: client=my.server.email[127.0.0.1]
Apr 18 10:22:45 my postfix/cleanup[14597]: 0151F5FE20: message-id=<37be-58f5bf00-1-8c43540@107650857>
Apr 18 10:22:45 my postfix/qmgr[14580]: 0151F5FE20: from=<raz@test.com>, size=972, nrcpt=1 (queue active)
Apr 18 10:22:45 my postfix/smtpd[14594]: disconnect from my.server.email[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr 18 10:22:45 my postfix/smtpd[14603]: connect from my.server.email[127.0.0.1]
Apr 18 10:22:45 my postfix/smtpd[14603]: ADB22605B4: client=my.server.email[127.0.0.1]
Apr 18 10:22:45 my postfix/cleanup[14597]: ADB22605B4: message-id=<37be-58f5bf00-1-8c43540@107650857>
Apr 18 10:22:45 my postfix/smtpd[14603]: disconnect from my.server.email[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr 18 10:22:45 my postfix/qmgr[14580]: ADB22605B4: from=<raz@local.com>, size=1404, nrcpt=1 (queue active)
Apr 18 10:22:45 my amavis[27494]: (27494-18) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [127.0.0.1]:53472 <raz@local.com> -> <raz@test.com>, Queue-ID: 0151F5FE20, Message-ID: <37be-58f5bf00-1-8c43540@107650857>, mail_id: SK-UO7zCWwfS, Hits: -0.999, size: 972, queued_as: ADB22605B4, 631 ms, Tests: [ALL_TRUSTED=-1,HTML_MESSAGE=0.001]
Apr 18 10:22:45 my postfix/smtp[14598]: 0151F5FE20: to=<raz@test.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.9, delays=0.24/0.01/0/0.65, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as ADB22605B4)
Apr 18 10:22:45 my postfix/qmgr[14580]: 0151F5FE20: removed
Apr 18 10:22:47 my postfix/smtp[14604]: Untrusted TLS connection established to mail.test.com[*.*.*.*]:25: TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)

What could be the problem?

Thank you
Raz

15

Re: postscreen and Haproxy

raz wrote:

Apr 18 10:22:44 my postfix/postscreen[14593]: WHITELISTED [127.0.0.1]:53472
Apr 18 10:22:44 my postfix/smtpd[14594]: connect from my.server.email[127.0.0.1]

As you can see, postscreen hands over the smtp connection to the real smtpd process, so no problem in this case.

What's your issue now?

16

Re: postscreen and Haproxy

The log that I showed you is from when I comment out this option: "postscreen_upstream_proxy_protocol = haproxy".
When I use it, there is no option to send emails from webmail, IMAP/POP and ActiveSync.
There is no log that mentions the problem in mail.log, and in webmail I get the error "gateway timed out".

Thank you
Raz

17 (edited by raz 2017-04-19 17:55:14)

Re: postscreen and Haproxy

[When I use it, there is no option to send emails from webmail, IMAP/POP and ActiveSync]

My bad.
I cannot send messages from webmail (SOGo) and ActiveSync.
Are you sure that SOGo doesn't connect locally to Postfix on port 25?

Thank you,
Raz

18

Re: postscreen and Haproxy

It's SOGo's fault. Check this 8-year-old issue:

- Support for SMTP SASL AUTH and SMTP TLS/SSL
  https://sogo.nu/bugs/view.php?id=31

Help update this issue to let SOGo developers know how important it is.

As a temporary solution, configure Postfix to listen on an extra port (e.g. 10025), and list your SOGo server in "-o mynetworks=".

19

Re: postscreen and Haproxy

Thank you for answering.

Did it, but now there's a new problem:
there are no iRedAPD and Amavis checks.
How can I make them listen on the new port as well?

Thank you

20

Re: postscreen and Haproxy

Why do you need iRedAPD/Amavisd listening on "non-standard" ports? Are you running HAProxy + iRedAPD + Amavisd on same server?

21

Re: postscreen and Haproxy

ZhangHuangbin wrote:

Why do you need iRedAPD/Amavisd listening on "non-standard" ports? Are you running HAProxy + iRedAPD + Amavisd on same server?

I'm running HAProxy on 1 server and the whole iRedMail system on another server.
I need that because if some client sends messages from webmail (SOGo), I want to make sure that he won't send spam/viruses
and won't exceed his message limit.

What can I do?

22

Re: postscreen and Haproxy

Check their config files; they have parameters to set port numbers.

23 (edited by jackavin 2017-04-21 22:17:00)

Re: postscreen and Haproxy

Try

10023     inet  n      -     n     -     1     postscreen
  -o postscreen_upstream_proxy_protocol=haproxy

submission inet n       -       n       -       -       smtpd
....
  -o smtpd_upstream_proxy_protocol=haproxy
  -o smtpd_upstream_proxy_timeout=30s

and remove postscreen_upstream_proxy_protocol = haproxy from main.cf.

24

Re: postscreen and Haproxy

It doesn't work for me.

I will explain to you what I need.
I have:
* 1 server of HAProxy (gets IMAP, SMTP, HTTP, HTTPS connections)
* 2 servers of the iRedMail system (get IMAP, SMTP, HTTPS, HTTP connections from HAProxy)
* 1 server of iRedMail only for 587

I need HAProxy to forward IPs to the 2 iRedMail servers on ports 25, 993, 80, 443.

I have a problem only with SMTP (25).

When I enable in the main.cf file this option:
postscreen_upstream_proxy_protocol = haproxy
postscreen_upstream_proxy_timeout = 50s

the mails are being forwarded to Postfix with the original IP.
The problem is, when I'm trying to send a message from SOGo, I'm not allowed to connect to port 25 locally (127.0.0.1) anymore.
I did what you asked of me: "As a temporary solution, configure Postfix to listen on extra port (e.g. 10025), list your SOGo server in "-o mynetworks="."

And it seems that it works, but iRedAPD does not check the emails.
Do I need to add something in master.cf for the iRedAPD check?
I'm stuck, please help.

Thank you
Raz

25

Re: postscreen and Haproxy

Put postscreen on another port such as 2525 and set the option only for this port:

# "-o" lines must start with whitespace and carry no spaces around "=";
# chroot column set to "n" like the other services (on Postfix < 3.0, "-" means chrooted)
2525     inet  n       -       n       -       1       postscreen
  -o postscreen_upstream_proxy_protocol=haproxy
  -o postscreen_upstream_proxy_timeout=50s

Change 25 to smtpd:

smtp     inet  n       -       n       -       -       smtpd