From: Carlos Jiménez (zuberoteleline.es)
Date: Sun Jan 06 2008 - 16:57:46 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: owner-postfix-userspostfix.org [mailto:owner-postfix-
> userspostfix.org] On Behalf Of Wietse Venema
> Sent: Thursday, January 03, 2008 1:14 AM
> To: Postfix users
> Subject: Re: RBL in Postfix with Load Balancing
>
> Victor Duchovni:
> > > if the load balancer implements the XCLIENT command (by sending it
> with
> > > infos on the original client), then postfix would get the IP.
> >
> > The load balancer we do this with can have a customizable
> conversation
> > with the server before it yields control to the client.
> >
> > Client->LB: Connect
> > LB->Server: Connect, wait for banner
> > Server->LB: 220 ...
> > LB->Server: XCLIENT ADDR=...
> > Server->LB: 250 ...
> > LB->Client: 220 ...
> > ... LB yields connection to client ...
> >
> > various error handling ...
>
> (forget about two server replies after XCLIENT; there is only one)
>
> I never thought of using XCLIENT this way.
>
> Does the load balancer provide the client hostname with the XCLIENT
> command? If not, then Postfix will use (and log) the real client
> address with the load balancer's hostname. It's not a big deal, it
> just means you can't have access rules based on the client hostname.
>
> Wietse

We have checked it and it not seems to support XCLIENT command. We believe
it is because this is an old CSS model.
I thought it could be any way to "bypass" this issue to obtain original
client IP/hostname. In fact, we are interested in obtaining sender IP (not
load balancer one) to have filtering rules based on it (i. e. Greylisting,
RBL...).
If our purpose of obtaining the IP is not possible, do you know any method
to implement some efficient (or similar) access rules?

Thank you,

Carlos.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]