Re: Client IP address TPROXY alternatives?

From: Ross West <westr#connection.ca>
Date: Thu, 24 Jul 2008 08:52:56 -0400

DvD> Are there alternatives to get the client IP? Can't HAProxy simply sent
DvD> the client IP address plaintext when the connection has been initiated
DvD> so the mailserver can intercept that data and use it as client IP?

When it comes to SMTP, if you're lucky there's an extension within the smtp server that allows for the clean passing of the client IP/details in your situation. In postfix, there's the ESMTP 'xforward' extension - http://www.postfix.org/XFORWARD_README.html

But now you've got to create a 'smtp' mode within haproxy so that it understands the smtp protocol and can add the extra xforward header(s) into the stream cleanly. Unfortunately, this mode doesn't exist at the current time.

If you're willing to create it, I'm sure many many people would be very happy! (Myself included).

In the meantime, you're stuck doing smtp authentication to verify and limit the end point.

R.

-- 
Received on 2008/07/24 14:52

This archive was generated by hypermail 2.2.0 : 2008/07/24 15:00 CEST