On 15/04/2023 13:53, Jeremy Harris via Exim-users wrote:
On 15/04/2023 12:53, Sebastian Arcus via Exim-users wrote:
I have a number of Exim servers behind a NAT gateway (actually
connected with VPNs to a cloud VPS - but I'm hoping this is not
relevant to this post). I would like the gateway to send incoming port
25 traffic to the correct Exim server based on SNI in incoming TLS
packets - as different Exim instances serve different email domains.
The setup would look like this:
                     [Internet]
                          |
                          |
                   (smtp port 25)
                          |
                          v
                          |
                   [Cloud server]
                          |
                          v
                          |
       ----------------------------------------
       |                  |                   |
       |                  |                   |
[Exim server 1]    [Exim server 2]     [Exim server 3]
I would have preferred to do this at IP tables level - but apparently
not really possible. It seems the next option would be HAProxy. Has
anyone here used HAProxy or run a setup as above, or know if this is
actually doable? Any suggestions much appreciated.
Exim does talk the inbound-proxy protocol that HAProxy apparently uses
(or can use):
https://exim.org/exim-html-current/doc/html/spec_html/ch-proxies.html#SECTproxyInbound
I can't really help on other HAProxy facilities or config though.
Another option for you would be to use Exim itself as the fanout element
at your "cloud server". It has visibility of the SNI and could use that
for routing.
Thank you for the suggestions. I have considered using Exim itself as
the "proxy" at the front. One thing I have to figure out is SPF in
relation to Spamassassin. I think I would have to run Spamassassin on
the "proxy" Exim, as otherwise the IP address of the proxy will be added
to the headers during the delivery/relay process, and will probably
break the SPF checks in Spamassassin on the final Exim server in the
chain - I think?
Indeed, if the configurations needed for the "Exim server N" elements
are sufficiently similar and load & geography permits, you could
collapse the lot into a single Exim.
I agree with you - except that there are some business / non-technical
reasons why this is not a possibility in this case.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
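
The SNI-based fanout decision discussed in this thread, as an added example that is not part of the original messages and is not Exim or HAProxy code: it reads the server_name from a single-record TLS ClientHello and maps it to a backend. On port 25 the ClientHello is only sent after the plaintext STARTTLS exchange, so the example assumes the front end has already handled that; the hostnames, addresses and function names are constructed for illustration.

```python
import struct

# Hypothetical SNI -> backend map; names and addresses are constructed.
BACKENDS = {"mx.example.org": ("10.8.0.11", 25),
            "mx.example.net": ("10.8.0.12", 25)}

def extract_sni(record: bytes):
    """Return the host_name from a single-record TLS ClientHello, else None."""
    try:
        if record[0] != 0x16:                        # not a TLS handshake record
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if len(hs) < rec_len or hs[0] != 0x01:       # truncated, or not ClientHello
            return None
        p = 4 + 2 + 32                               # handshake header, version, random
        p += 1 + hs[p]                               # session id
        p += 2 + struct.unpack("!H", hs[p:p + 2])[0] # cipher suites
        p += 1 + hs[p]                               # compression methods
        ext_end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
        p += 2
        while p + 4 <= min(ext_end, len(hs)):
            etype, elen = struct.unpack("!HH", hs[p:p + 4])
            body = hs[p + 4:p + 4 + elen]
            if etype == 0 and len(body) == elen:     # server_name extension
                nlen = struct.unpack("!H", body[3:5])[0]
                name = body[5:5 + nlen]
                if body[2] != 0 or len(name) != nlen:
                    return None
                return name.decode("ascii").lower()
            p += 4 + elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None

def pick_backend(record: bytes, default=None):
    """Map the SNI to a backend; unknown or missing SNI gets `default`."""
    return BACKENDS.get(extract_sni(record), default)

def sample_client_hello(host: str) -> bytes:
    """Constructed minimal ClientHello carrying one server_name extension."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Senders that do not use STARTTLS, or that send no SNI, never produce a name to match, so `default` has to point at a backend that can accept or reject such mail.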