On 2023-04-15, Sebastian Arcus via Exim-users <exim-users@exim.org> wrote:
> I have a number of Exim servers behind a NAT gateway (actually connected 
> with vpn's to a cloud vps - but I'm hoping this is not relevant to this 
> post). I would like the gateway to send incoming port 25 traffic to the 
> correct Exim server based on SNI in incoming TLS packets - as different 
> Exim instances serve different email domains. The setup would look like 
> this:
>
>                        [Internet]
>                            |
>                            |
>                      (smtp port 25)
>                            |
>                            v
>                            |
>                     [Cloud server]
>                            |
>                            v
>                            |
>         ----------------------------------------
>         |                  |                   |
>         |                  |                   |
> [Exim server 1]    [Exim server 2]    [Exim server 3]
>
>
> I would have preferred to do this at IP tables level - but apparently 
> not really possible. It seems the next option would be HAProxy. Has 
> anyone here used HAProxy or run a setup as above, or know if this is 
> actually doable? Any suggestions much appreciated.

The picture above is possible but does not match the description above that.

SNI won't tell you anything until some time after the client says
STARTTLS, so HAPROXY won't be able to route based on SNI, unless you
can teach it SMTP.

-- 
 Jasen.
 🇺🇦 Слава Україні

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
