On 15/04/2023 18:44, Andrew C Aitchison wrote:
On Sat, 15 Apr 2023, Sebastian Arcus via Exim-users wrote:

I have a number of Exim servers behind a NAT gateway (actually connected with VPNs to a cloud VPS - but I'm hoping this is not relevant to this post). I would like the gateway to send incoming port 25 traffic to the correct Exim server based on SNI in incoming TLS packets - as different Exim instances serve different email domains. The setup would look like this:

                     [Internet]
                         |
                         |
                   (smtp port 25)
                         |
                         v
                         |
                  [Cloud server]
                         |
                         v
                         |
      ----------------------------------------
      |                  |                   |
      |                  |                   |
[Exim server 1]    [Exim server 2]    [Exim server 3]


I would have preferred to do this at iptables level - but apparently that is not really possible. It seems the next option would be HAProxy. Has anyone here used HAProxy or run a setup as above, or know if this is actually doable? Any suggestions much appreciated.

Will the mail storage be on these machines running Exim?
Don't forget about balancing Dovecot, or whatever will make the mailboxes
available to your users, too.

Each box behind the proxy/nat has Exim and Dovecot on it - serving their own domain and users separate from other boxes.


Since you have different domains, my first thought would just be to
assign them different MXes with different IPs ...

This is the situation now. But managing a full set of internet connections with fixed IP addresses and reverse DNS records is turning into a major drag. Every time the internet connection on one of the boxes has to change provider, it becomes a whole project managing the migration, with downtime while the provider assigns a PTR record to the connection. On occasion it has taken 2 weeks. This is why I would like to have all boxes use one single public IP address and one PTR record through the VPS / cloud server for SMTP purposes, with the VPS acting as an SMTP proxy / gateway.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
