On 15/04/2023 21:38, Jeremy Harris via Exim-users wrote:
On 15/04/2023 13:53, Jeremy Harris via Exim-users wrote:
Exim does talk the inbound-proxy protocol that HAProxy apparently uses (or can use):
https://exim.org/exim-html-current/doc/html/spec_html/ch-proxies.html#SECTproxyInbound
Thinking further, this (HAProxy with Proxy-protocol as a frontend for an
MTA, with the HAProxy routing based on SNI) has additional complications.
Because the ESMTP connection has to (for port 25) negotiate TLS using
STARTTLS, you're asking that HAProxy run that part of the ESMTP protocol,
so that it can see the SNI. It'd have to replay that ESMTP startup down
the connection to the backend, as far as the TLS Client Hello - or be a
full ESMTP endpoint. I don't know if it's that clever.
I think the question has evolved during this thread, and it's become
obvious that HAProxy is not the best way to go about it. I'm not even
sure why I was looking into the whole SNI stuff - as I'm only planning
to use this solution for SMTP (server to server) - not submission SMTP
(client to server). So all outside servers trying to deliver email would
only be connecting to one MX FQDN for multiple recipient domains - the
FQDN of the front-end machine. So in the end SNI shouldn't even come
into it. Sorry for all the confusion.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/