changeset 316:84a575614d3c

Correct Postfix PROXY listening (and sending)

Listen on the PROXY address but bind to the public address so that we don't break SPF checking.
Use "smtpd_…" setting when we're using smtpd not postscreen.

May not be fixed because we're still seeing errors, but it should be correct. Investigating "unsupported protocol type: PROXY TCP4".
author IBBoard <dev@ibboard.co.uk>
date Thu, 27 Feb 2020 21:00:28 +0000
parents 469f2ff92df2
children 2a20a5b7f65a
files modules/postfix/templates/master.cf.epp
diffstat 1 files changed, 5 insertions(+), 2 deletions(-)
--- a/modules/postfix/templates/master.cf.epp	Tue Feb 25 21:02:48 2020 +0000
+++ b/modules/postfix/templates/master.cf.epp	Thu Feb 27 21:00:28 2020 +0000
@@ -30,18 +30,21 @@
 <%- if $mailserver_proxy != undef { -%>
 [<%= $mailserver_proxy %>]:smtp      inet  n       -       n       -       1       postscreen
   -o postscreen_upstream_proxy_protocol=haproxy
+  -o smtp_bind_address6=<%= $mailserver_ip %>
   -o receive_override_options=no_address_mappings
   -o smtpd_sasl_auth_enable=no
 
 [<%= $mailserver_proxy %>]:smtps     inet  n       -       n       -       -       smtpd
-  -o postscreen_upstream_proxy_protocol=haproxy
+  -o smtpd_upstream_proxy_protocol=haproxy
+  -o smtp_bind_address6=<%= $mailserver_ip %>
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
 
 [<%= $mailserver_proxy %>]:submission inet n       -       n       -       -       smtpd
-  -o postscreen_upstream_proxy_protocol=haproxy
+  -o smtpd_upstream_proxy_protocol=haproxy
+  -o smtp_bind_address6=<%= $mailserver_ip %>
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
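
Review bot: The three added `-o smtp_bind_address6=<%= $mailserver_ip %>` overrides are attached to the postscreen and smtpd listener entries, but smtp_bind_address6 is read by the Postfix SMTP client (the smtp delivery service), so setting it on these inbound services will not change the source address used for outgoing mail, and the SPF concern in the commit message stays unaddressed. Move the setting to main.cf or to the smtp client entry in master.cf instead. The parameter also only applies to IPv6 connections; if `$mailserver_ip` holds an IPv4 address, `smtp_bind_address` is the matching setting. Finally, the block is guarded only by `$mailserver_proxy != undef`, so an unset `$mailserver_ip` would render an empty value here; add a check for it or document that both must be set together. The switch from `postscreen_upstream_proxy_protocol` to `smtpd_upstream_proxy_protocol` on the smtps and submission entries matches the smtpd daemon those entries run.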