1

Can PowerMTA use HAProxy as a forward proxy to deliver mail using the IP address HAProxy is serving on?

This is not the typical use case of HAProxy because it's not load balancing, it is connecting THROUGH haproxy to use the IP address that HAProxy is on. They wrote an article about this here:

https://www.postmastery.com/powermta-5-0-using-a-proxy-for-email-delivery/

I've googled and not found much. The one article I did find is like the opposite of what I want:

https://www.linuxbabe.com/mail-server/smtp-imap-proxy-with-haproxy-debian-ubuntu-centos

They say to use the following:

frontend ft_smtp
      bind 12.34.56.78:25
      mode tcp
      timeout client 1m
      log global
      option tcplog
      default_backend bk_smtp

backend bk_smtp
      mode tcp
      log global
      option tcplog
      timeout server 1m
      timeout connect 7s
      server postfix 10.10.10.101:2525 send-proxy

I am wanting to connect to HAProxy on port 2525, and have it act as a proxy to connecting to smtp servers, i.e. test@gmail.com.

I am not sure if I explained this well enough, if not please let me know. Any help would be much appreciated as I can not find much online.

Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47
brizz
  • 11
  • 2

2 Answers2

1

If you would like to use HAProxy as a "forward proxy" as you call it, you would basically flip the sides and end up with a reverse proxy for reverse proxying towards your own mail relays:

frontend ft_smtp
      bind 12.34.56.78:2525
      mode tcp
      timeout client 1m
      log global
      option tcplog
      default_backend bk_smtp

backend bk_smtp
      mode tcp
      log global
      option tcplog
      timeout server 1m
      timeout connect 7s
      server postfix 10.10.10.101:25 send-proxy

This means you can connect to HAProxy on 2525/tcp and will be forwarded to one of the servers added in the backend "bk_smtp" on the port specified. Using the "send-proxy" setting, you enable proxy protocol v1, which will transmit the original client's IP at the beginning of the session. Note that the application on 10.10.10.101:25 will have to support proxy protocol v1 in this case.

Remove the "send-proxy" to disable proxy protocol if the upstream (read "server") does not support this OR if you would like to make it look like the request came from the node your HAProxy instance is running on.

Add as many relaying mail servers to your backend as you like by replicating the line beginning with "server" and assigning it the name of your choice and the proper IP + port the mail relay is running on. In the default setting, HAProxy will cycle through them round-robin.

M. Schmidt
  • 193
  • 14
0

frontend ft_smtp

bind 12.34.56.78:2525 accept-proxy #write accept-proxy after bind.

backend bk_smtp

server s1 10.10.10.101:25 #remove send-proxy in this line.

user998199
  • 1
  • 1