RE: RBL in Postfix with Load Balancing

From: Carlos Jiménez (zuberoteleline.es)
Date: Sun Jan 06 2008 - 16:50:08 CST


> -----Original Message-----
> From: owner-postfix-userspostfix.org [mailto:owner-postfix-
> userspostfix.org] On Behalf Of Justin McAleer
> Sent: Thursday, January 03, 2008 2:43 PM
> To: Carlos Jiménez
> Cc: postfix-userspostfix.org
> Subject: Re: RBL in Postfix with Load Balancing
>
> Carlos Jiménez wrote:
> >
> > Hello, everybody:
> >
> >
> >
> > I have two servers with Postfix running as a Mail Gateway with antispam
> > filtering. These two computers are connected to a load balancer
> > (hardware appliance). Unfortunately, this device receives all SMTP
> > traffic and modifies IP value of the sender with its own (load
> > balancer IP).
> >
>
> Do you need to have the load balancer doing source NAT? Most hardware
> load balancers have the option to do that, where you see only
> connections from the load balancer itself, or to pass the traffic
> "straight" through to the hosts behind the balancer, so the servers
> would see the actual client IPs. We have 4 front-end Postfix servers set
> up without source NAT behind our load balancer. It does require your
> Postfix servers to have public IP addresses, though.
>
> I just wanted to ask, even though you may well have good reason to be
> configured that way, because it would be the easiest way to fix your
> problem.
>
> > We have configured a filtering based on RBL’s, but it doesn’t work
> > because this IP address is a valid one.
> >
> > We should use RBL’s based on domain name, but would it be possible to
> > configure Postfix to skip the IP of the load balancer and just
> > filtering the IP of the original sender?
> >
> > If it is not possible, do you know an efficient way to bypass this issue?
> >
> >
> >
> > We are now using RBL’s, but we’d like later to implement GreyListing
> > and a few filters based on sender IP.
> >
> >
> >
> >
> >
> > Thank you in advance.
> >
> >
> >
> > Carlos.
> >

What other way is there to configure the load balancer, different from doing
source NAT? In our case, we have two Postfix servers running like just one;
I mean, we have created just one MX entry. All SMTP traffic goes to the load
balancer, and there it redirects the SMTP session to one or the other Postfix
server. Up to here this is the common load balancing function, is that
correct? But we thought it could be possible to do this with the load balancer
running in a "transparent" mode, just a virtual IP address for SMTP traffic
balancing without changing identity.
These two Postfix servers run like an SMTP gateway, so they are clear for
sender and recipient. We don't need the Postfix servers to have public IPs
because all the incoming and outgoing SMTP traffic goes through the load
balancer.

Maybe we have done a bad implementation; in that case, what do you
recommend?

Just a note: This load balancer is an old device and maybe several
functionalities are not supported.

Thank you,

Carlos.
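
The following is an added illustration, not part of either poster's message: it models why an IP-based RBL check stops working when the balancer does source NAT, and works again when the real client address reaches the gateway. The zone name `dnsbl.example`, the listed entry, and all addresses are constructed for the example, and the DNS lookup is replaced by an in-memory set so it runs offline.

```python
import ipaddress

# Constructed data: a hypothetical DNSBL zone with one listed sender.
DNSBL_ZONE = "dnsbl.example"
LISTED_NAMES = {"7.113.0.203.dnsbl.example"}   # i.e. 203.0.113.7 is listed
SENDERS = ["203.0.113.7", "198.51.100.20"]     # constructed remote MTAs
BALANCER_IP = "192.0.2.10"                     # constructed balancer address


def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """Name an IPv4 DNSBL lookup resolves: reversed octets, then the zone."""
    ip = ipaddress.IPv4Address(client_ip)      # rejects malformed input
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def is_listed(client_ip):
    """Stand-in for the DNS query; a real check asks DNS for an A record."""
    return dnsbl_query_name(client_ip) in LISTED_NAMES


def peer_seen_by_gateway(sender_ip, balancer_ip, source_nat):
    """TCP peer address the mail gateway sees for one inbound session."""
    return balancer_ip if source_nat else sender_ip


def gateway_decisions(senders, balancer_ip, source_nat):
    """Decision an RBL check keyed on the TCP peer makes for each sender."""
    decisions = {}
    for sender in senders:
        peer = peer_seen_by_gateway(sender, balancer_ip, source_nat)
        decisions[sender] = "reject" if is_listed(peer) else "accept"
    return decisions


if __name__ == "__main__":
    for nat in (True, False):
        mode = "source NAT" if nat else "transparent"
        print(mode, gateway_decisions(SENDERS, BALANCER_IP, nat))
```

With source NAT every session is looked up under the balancer's address, so the listed sender is accepted; greylisting and any other filter keyed on the peer address is affected the same way.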