On Thu, Apr 17, 2014 at 10:04:26AM -0700, sedandgrep wrote:
> Yes you are correct. MTAs do send direct to other domains. But if there isn't
> a way to get postfix to send via the proxy, it defeats the purpose for my
> use. A workaround is simply to place the postfix/dovecot server on a
> completely separate box and run no smtp/imap proxy at all. I would have
> better performance but I would rather have the proxy deployed in front of
> it. The idea is to protect the postfix server by not revealing its true IP.
You would not be protecting anything by hiding the IP address of
the MTA. If you managed to hide the MTA behind a proxy, you'd be
potentially allowing unauthorized agents other than the MTA to send
mail via the proxy as though they were the MTA. That could lead
to your proxy IP being blacklisted.
To protect your MTA block unwanted traffic, but hiding its IP
address is futile.
--
Viktor.
