From: Carlos Jiménez (zubero teleline.es)
Date: Sun Jan 06 2008 - 17:29:29 CST
> -----Original Message-----
> From: owner-postfix-users postfix.org [mailto:owner-postfix-users postfix.org] On Behalf Of Wietse Venema
> Sent: Monday, January 07, 2008 12:18 AM
> To: Postfix users
> Subject: Re: RBL in Postfix with Load Balancing
>
> Carlos Jiménez:
> > > -----Original Message-----
> > > From: owner-postfix-users postfix.org [mailto:owner-postfix-users postfix.org] On Behalf Of Wietse Venema
> > > Sent: Thursday, January 03, 2008 1:14 AM
> > > To: Postfix users
> > > Subject: Re: RBL in Postfix with Load Balancing
> > >
> > > Victor Duchovni:
> > > > > if the load balancer implements the XCLIENT command (by sending it
> > > > > with infos on the original client), then postfix would get the IP.
> > > >
> > > > The load balancer we do this with can have a customizable conversation
> > > > with the server before it yields control to the client.
> > > >
> > > > Client->LB: Connect
> > > > LB->Server: Connect, wait for banner
> > > > Server->LB: 220 ...
> > > > LB->Server: XCLIENT ADDR=...
> > > > Server->LB: 250 ...
> > > > LB->Client: 220 ...
> > > > ... LB yields connection to client ...
> > > >
> > > > various error handling ...
> > >
> > > (forget about two server replies after XCLIENT; there is only one)
> > >
> > > I never thought of using XCLIENT this way.
> > >
> > > Does the load balancer provide the client hostname with the XCLIENT
> > > command? If not, then Postfix will use (and log) the real client
> > > address with the load balancer's hostname. It's not a big deal, it
> > > just means you can't have access rules based on the client hostname.
> >
> >
> > We have checked it and it does not seem to support the XCLIENT command. We
> > believe it is because this is an old CSS model.
> > I thought there could be some way to "bypass" this issue to obtain the
> > original client IP/hostname. In fact, we are interested in obtaining the
> > sender IP (not the load balancer one) to have filtering rules based on it
> > (i.e. Greylisting, RBL...).
> > If our purpose of obtaining the IP is not possible, do you know any method
> > to implement some efficient (or similar) access rules?
>
> Postfix supports one mechanism to override the source IP address,
> and that is the XCLIENT command.
>
> Everything else requires major changes in the load balancer, so
> that it forwards connections without altering the source IP address.
>
> Why use a load balancer in the first place? Contrary to what some
> people seem to believe, SMTP is not HTTP, and unless you have a
> shortage of IP addresses, avoid running SMTP servers behind a NAT.
>
> Wietse
Do you think it is better to use two MXs than to use one MX and a load
balancer with two Postfix servers?
We thought of the load balancer because the customer had it (and he wanted
to use it), and with the redundancy capabilities of this device in mind. Also,
it was easier for the customer to redirect all outgoing SMTP traffic to one
"Virtual IP" than to configure any kind of load balancing (to the IP
addresses of the Postfix servers) in their back-end mail server (Lotus Server).
I'd appreciate any suggestions.
Thank you,
Carlos.
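
Added example, not part of the original thread or of Postfix: the load-balancer side of the pre-client conversation quoted above, with the single server reply after XCLIENT that Wietse's correction describes. The names fake_server and mx.example.test, the address 192.0.2.7 and the exact reply texts are constructed; the 220 success and 550 refusal codes are assumed from Postfix's XCLIENT documentation.

```python
import ipaddress
import socket
import threading

def xclient_line(client_ip):
    """Build the XCLIENT command the LB sends for the original client."""
    if "%" in client_ip:  # IPv6 scope ids may carry arbitrary text
        raise ValueError("scoped addresses are not forwarded")
    ip = ipaddress.ip_address(client_ip)  # ValueError on CRLF or other junk
    # No hostname lookup is done here, so NAME is reported as unavailable.
    return f"XCLIENT ADDR={'IPV6:' if ip.version == 6 else ''}{ip} NAME=[UNAVAILABLE]\r\n"

def read_reply(rfile):
    """Read one SMTP reply (multi-line aware); return (code, final line)."""
    while True:
        line = rfile.readline().decode("ascii").rstrip("\r\n")
        if len(line) < 3:
            raise ConnectionError("server closed the connection")
        if line[3:4] != "-":
            return int(line[:3]), line

def lb_preamble(server_sock, command):
    """Run the conversation before yielding; return the greeting to relay."""
    rfile = server_sock.makefile("rb")
    code, banner = read_reply(rfile)
    if code != 220:
        raise ConnectionError(banner)
    server_sock.sendall(command.encode("ascii"))
    code, greeting = read_reply(rfile)  # one reply only (220 assumed on success)
    if code != 220:
        raise PermissionError(greeting)  # never hand this session to the client
    return greeting

def fake_server(sock, lb_is_authorized, seen):
    """Constructed smtpd stand-in; Postfix gates this with smtpd_authorized_xclient_hosts."""
    with sock:
        sock.sendall(b"220 mx.example.test ESMTP\r\n")
        cmd = sock.makefile("rb").readline().decode("ascii").split()
        if lb_is_authorized and cmd[:1] == ["XCLIENT"]:
            seen.update(a.split("=", 1) for a in cmd[1:])  # what RBL checks would see
            sock.sendall(b"220 mx.example.test ESMTP\r\n")
        else:
            sock.sendall(b"550 5.7.0 Error: insufficient authorization\r\n")

def demo(client_ip, lb_is_authorized=True):
    command = xclient_line(client_ip)  # validate before any I/O
    seen = {}
    lb_side, srv_side = socket.socketpair()
    threading.Thread(target=fake_server, args=(srv_side, lb_is_authorized, seen)).start()
    with lb_side:
        return lb_preamble(lb_side, command), seen
```

Because the server trusts whatever address follows ADDR=, the value is validated before it is written to the wire and the session is dropped if the server refuses the command.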