If you can't do this without losing the remote SMTP client IP
address, your options are:
- Install HAproxy on the "router", configure HaProxy to forward
mail to Postfix, and configure Postfix to use
"smtpd_upstream_proxy_protocol = haproxy".
With this, Postfix CANNOT receive direct SMTP mail. It is not
guessing if a connection is made directly or through HAproxy.
- Install nginx on the "router", configure nginx to send XCLIENT
commands to Postfix. and enable Postfix XCLIENT for the router's
IP address with "smtpd_authorized_xclient_hosts = 1.2.3.4".
With this, Postfix can still receive direct SMTP mail.
Wietse
Thank you, Wietse, for your expertise here.
If I may ask a couple more questions about this:
With HAProxy, would it work to install a VM and point email traffic to
it for both LAN and WAN traffic?
With Nginx XClient, would it also work to install this on a VM and have
it handling incoming SMTP email traffic from the WAN while not affecting
LAN SMTP traffic?
Do either of these options affect SMTP authentication over port 587?
Thank you,
Asai