1

Topic: Does iRedMail support Proxy Protocol?

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.6 dev
- Linux/BSD distribution name and version: Ubuntu 14.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

As a part of the HA set-up I encountered the following issues.
The Amazon Elastic Load Balancer is sending to the backend servers his own IP. See log bellow
--------------------------------------------------------------------------------------------------------------------
Aug 12 13:08:02 mx1 postfix/postscreen[3326]: warning: cidr map /etc/postfix/postscreen_access.cidr, line 8: bad address pattern: "''": skipping this rule
Aug 12 13:08:02 mx1 postfix/postscreen[3326]: CONNECT from [192.168.0.218]:42291 to [192.168.0.196]:25
Aug 12 13:08:02 mx1 postfix/postscreen[3326]: PASS OLD [192.168.0.218]:42291
Aug 12 13:08:02 mx1 postfix/smtpd[3327]: connect from ip-192-168-0-218.eu-west-1.compute.internal[192.168.0.218]
Aug 12 13:08:02 mx1 postfix/smtpd[3327]: Anonymous TLS connection established from ip-192-168-0-218.eu-west-1.compute.internal[192.168.0.218]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug 12 13:08:02 mx1 postfix/smtpd[3327]: D1CB66394B: client=ip-192-168-0-218.eu-west-1.compute.internal[192.168.0.218]
Aug 12 13:08:02 mx1 postfix/cleanup[3331]: D1CB66394B: message-id=<bdfa8750-ee65-362c-1390-5eb6ee7766c6@dializa.md>
Aug 12 13:08:02 mx1 postfix/qmgr[2349]: D1CB66394B: from=<it@dializa.md>, size=1927, nrcpt=1 (queue active)
Aug 12 13:08:02 mx1 postfix/smtpd[3327]: disconnect from ip-192-168-0-218.eu-west-1.compute.internal[192.168.0.218]
Aug 12 13:08:03 mx1 postfix/smtpd[3335]: connect from mx1.traianaws.cf[127.0.0.1]
Aug 12 13:08:03 mx1 postfix/smtpd[3335]: 29C866394C: client=mx1.traianaws.cf[127.0.0.1]
Aug 12 13:08:03 mx1 postfix/cleanup[3331]: 29C866394C: message-id=<bdfa8750-ee65-362c-1390-5eb6ee7766c6@dializa.md>
Aug 12 13:08:03 mx1 postfix/qmgr[2349]: 29C866394C: from=<it@dializa.md>, size=2543, nrcpt=1 (queue active)
Aug 12 13:08:03 mx1 postfix/smtpd[3335]: disconnect from mx1.traianaws.cf[127.0.0.1]
Aug 12 13:08:03 mx1 amavis[1593]: (01593-03) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [192.168.0.218]:42291 [52.31.209.6]  -> , Queue-ID: D1CB66394B, Message-ID: , mail_id: LBJ2hRzirbQX, Hits: -0.89, size: 1927, queued_as: 29C866394C, 282 ms, Tests: [ALL_TRUSTED=-1,DKIM_SIGNED=0.1,T_DKIM_INVALID=0.01]
Aug 12 13:08:03 mx1 postfix/smtp[3332]: D1CB66394B: to=<trciobanu@traianaws.cf>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.43, delays=0.11/0.01/0/0.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 29C866394C)
Aug 12 13:08:03 mx1 postfix/qmgr[2349]: D1CB66394B: removed
Aug 12 13:08:03 mx1 postfix/pipe[3336]: 29C866394C: to=<trciobanu@traianaws.cf>, relay=dovecot, delay=0.23, delays=0.02/0.01/0/0.2, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 12 13:08:03 mx1 postfix/qmgr[2349]: 29C866394C: removed
----------------------------------------------------------------------------------------------------------------------------------------

After I enable Proxy Protocol as per the Amazon AWS documentation here
https://docs.aws.amazon.com/elasticload … otocol-cli
it should transmit the clients real IP to the backend. But instead my mail is bounced back with following errors in the client
-------------------------------------------------------------------------------------------------------------
This is the mail system at host mail.dializa.md.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<trciobanu@traianaws.cf>: Protocol error: host mail.traianaws.cf[52.50.211.144]
    said: 250 2.1.5 Ok (in reply to DATA command)



Reporting-MTA: dns; mail.dializa.md
X-Postfix-Queue-ID: 7DE9760AAB
X-Postfix-Sender: rfc822; it@dializa.md
Arrival-Date: Fri, 12 Aug 2016 15:57:56 +0300 (EEST)

Final-Recipient: rfc822; trciobanu@traianaws.cf
Original-Recipient: rfc822;trciobanu@traianaws.cf
Action: failed
Status: 5.5.0
Remote-MTA: dns; mail.traianaws.cf
Diagnostic-Code: smtp; 250 2.1.5 Ok
-------------------------------------------------------------------------------------------------------------------------------------------


and here is log in /var/log/mail.log on receiving server
-----------------------------------------------------
Aug 12 13:14:45 mx1 postfix/postscreen[3451]: warning: cidr map /etc/postfix/postscreen_access.cidr, line 8: bad address pattern: "''": skipping this rule
Aug 12 13:14:45 mx1 postfix/postscreen[3451]: CONNECT from [192.168.0.218]:42457 to [192.168.0.196]:25
Aug 12 13:14:45 mx1 postfix/postscreen[3451]: PASS OLD [192.168.0.218]:42457
Aug 12 13:14:45 mx1 postfix/smtpd[3454]: connect from ip-192-168-0-218.eu-west-1.compute.internal[192.168.0.218]
Aug 12 13:14:45 mx1 postfix/smtpd[3454]: C0CFC63947: client=ip-192-168-0-218.eu-west-1.compute.internal[192.168.0.218]
Aug 12 13:14:45 mx1 postfix/smtpd[3454]: lost connection after DATA (12 bytes) from ip-192-168-0-218.eu-west-1.compute.internal[192.168.0.218]
Aug 12 13:14:45 mx1 postfix/smtpd[3454]: disconnect from ip-192-168-0-218.eu-west-1.compute.internal[192.168.0.218]
Aug 12 13:14:45 mx1 postfix/cleanup[3456]: C0CFC63947: message-id=<>
---------------------------------------------------

and on sending  server

---------------------------------------------
Aug 12 16:08:02 mail postfix/smtpd[12958]: disconnect from localhost.localdomain[127.0.0.1]
Aug 12 16:08:02 mail postfix/qmgr[18060]: 750E760AAB: from=<it@dializa.md>, size=1705, nrcpt=1 (queue active)
Aug 12 16:08:02 mail amavis[11927]: (11927-03) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [52.31.209.6]:58375 [52.31.209.6] <it@dializa.md> -> <trciobanu@traianaws.cf>, Queue-ID: 22E66608FC, Message-ID: <bdfa8750-ee65-362c-1390-5eb6ee7766c6@dializa.md>, mail_id: Nspy2_7dtqwT, Hits: -1, size: 620, queued_as: 750E760AAB, dkim_new=dkim:dializa.md, 280 ms
Aug 12 16:08:02 mail postfix/smtp[12955]: 22E66608FC: to=<trciobanu@traianaws.cf>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.41, delays=0.11/0.01/0/0.28, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 750E760AAB)
Aug 12 16:08:02 mail postfix/qmgr[18060]: 22E66608FC: removed
Aug 12 16:08:02 mail postfix/smtp[12959]: 750E760AAB: to=<trciobanu@traianaws.cf>, relay=mail.traianaws.cf[52.50.211.144]:25, delay=0.47, delays=0/0.01/0.28/0.18, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D1CB66394B)
Aug 12 16:08:02 mail postfix/qmgr[18060]: 750E760AAB: removed
Aug 12 16:11:22 mail postfix/anvil[12342]: statistics: max connection rate 1/60s for (smtp:139.255.51.42) at Aug 12 16:04:56
Aug 12 16:11:22 mail postfix/anvil[12342]: statistics: max connection count 1 for (smtp:139.255.51.42) at Aug 12 16:04:56
Aug 12 16:11:22 mail postfix/anvil[12342]: statistics: max cache size 2 at Aug 12 16:08:01
Aug 12 16:13:53 mail postfix/smtpd[13056]: connect from ec2-52-30-210-162.eu-west-1.compute.amazonaws.com[52.30.210.162]
Aug 12 16:13:53 mail postfix/smtpd[13056]: AF93B602F7: client=ec2-52-30-210-162.eu-west-1.compute.amazonaws.com[52.30.210.162]
Aug 12 16:13:53 mail postfix/cleanup[13066]: AF93B602F7: message-id=<28a4e9802c6ff6a9d953c30a5aa5ee02@traianaws.cf>
Aug 12 16:13:53 mail postfix/qmgr[18060]: AF93B602F7: from=<trciobanu@traianaws.cf>, size=1826, nrcpt=1 (queue active)
Aug 12 16:13:53 mail postfix/smtpd[13056]: disconnect from ec2-52-30-210-162.eu-west-1.compute.amazonaws.com[52.30.210.162]
Aug 12 16:13:54 mail postfix/smtpd[13073]: connect from localhost.localdomain[127.0.0.1]
Aug 12 16:13:54 mail postfix/smtpd[13073]: F215260AAB: client=localhost.localdomain[127.0.0.1]
Aug 12 16:13:54 mail postfix/cleanup[13066]: F215260AAB: message-id=<28a4e9802c6ff6a9d953c30a5aa5ee02@traianaws.cf>
Aug 12 16:13:54 mail postfix/qmgr[18060]: F215260AAB: from=<trciobanu@traianaws.cf>, size=2707, nrcpt=1 (queue active)
Aug 12 16:13:54 mail postfix/smtpd[13073]: disconnect from localhost.localdomain[127.0.0.1]
Aug 12 16:13:55 mail amavis[12769]: (12769-02) Passed CLEAN {RelayedInbound}, [52.30.210.162]:35869 [52.30.210.162] <trciobanu@traianaws.cf> -> <it@dializa.md>, Queue-ID: AF93B602F7, Message-ID: <28a4e9802c6ff6a9d953c30a5aa5ee02@traianaws.cf>, mail_id: 1g7IaVx90Kap, Hits: 4.116, size: 1826, queued_as: F215260AAB, 1247 ms
Aug 12 16:13:55 mail postfix/smtp[13070]: AF93B602F7: to=<it@dializa.md>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.3, delays=0.08/0.01/0/1.3, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as F215260AAB)
Aug 12 16:13:55 mail postfix/qmgr[18060]: AF93B602F7: removed
Aug 12 16:13:55 mail postfix/pipe[13074]: F215260AAB: to=<it@dializa.md>, relay=dovecot, delay=0.04, delays=0/0.01/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 12 16:13:55 mail postfix/qmgr[18060]: F215260AAB: removed
Aug 12 16:14:43 mail postfix/smtpd[13087]: connect from ec2-52-31-209-6.eu-west-1.compute.amazonaws.com[52.31.209.6]
Aug 12 16:14:44 mail postfix/smtpd[13087]: 165B2602F7: client=ec2-52-31-209-6.eu-west-1.compute.amazonaws.com[52.31.209.6], sasl_method=PLAIN, sasl_username=it@dializa.md
Aug 12 16:14:44 mail postfix/cleanup[13066]: 165B2602F7: message-id=<8fd36df3-7713-8cbf-9b46-9b6a34e44f77@dializa.md>
Aug 12 16:14:44 mail postfix/qmgr[18060]: 165B2602F7: from=<it@dializa.md>, size=623, nrcpt=1 (queue active)
Aug 12 16:14:44 mail postfix/smtpd[13087]: disconnect from ec2-52-31-209-6.eu-west-1.compute.amazonaws.com[52.31.209.6]
Aug 12 16:14:45 mail postfix/smtpd[13073]: connect from localhost.localdomain[127.0.0.1]
Aug 12 16:14:45 mail postfix/smtpd[13073]: 5880A60AAB: client=localhost.localdomain[127.0.0.1]
Aug 12 16:14:45 mail postfix/cleanup[13066]: 5880A60AAB: message-id=<8fd36df3-7713-8cbf-9b46-9b6a34e44f77@dializa.md>
Aug 12 16:14:45 mail postfix/smtpd[13073]: disconnect from localhost.localdomain[127.0.0.1]
Aug 12 16:14:45 mail postfix/qmgr[18060]: 5880A60AAB: from=<it@dializa.md>, size=1708, nrcpt=1 (queue active)
Aug 12 16:14:45 mail amavis[12566]: (12566-05) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [52.31.209.6]:58385 [52.31.209.6] <it@dializa.md> -> <trciobanu@traianaws.cf>, Queue-ID: 165B2602F7, Message-ID: <8fd36df3-7713-8cbf-9b46-9b6a34e44f77@dializa.md>, mail_id: uEFvB58YMxp5, Hits: -0.999, size: 623, queued_as: 5880A60AAB, dkim_new=dkim:dializa.md, 1223 ms
Aug 12 16:14:45 mail postfix/smtp[13070]: 165B2602F7: to=<trciobanu@traianaws.cf>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.3, delays=0.11/0/0/1.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5880A60AAB)
Aug 12 16:14:45 mail postfix/qmgr[18060]: 165B2602F7: removed
Aug 12 16:14:45 mail postfix/smtp[13090]: 5880A60AAB: to=<trciobanu@traianaws.cf>, relay=mail.traianaws.cf[52.50.211.144]:25, delay=0.49, delays=0/0.01/0.3/0.18, dsn=5.5.0, status=bounced (Protocol error: host mail.traianaws.cf[52.50.211.144] said: 250 2.1.5 Ok (in reply to DATA command))
Aug 12 16:14:45 mail postfix/cleanup[13066]: D9D5760AE0: message-id=<20160812131445.D9D5760AE0@mail.dializa.md>
Aug 12 16:14:45 mail postfix/qmgr[18060]: D9D5760AE0: from=<>, size=3633, nrcpt=1 (queue active)
Aug 12 16:14:45 mail postfix/bounce[13091]: 5880A60AAB: sender non-delivery notification: D9D5760AE0
Aug 12 16:14:45 mail postfix/qmgr[18060]: 5880A60AAB: removed
Aug 12 16:14:45 mail postfix/pipe[13074]: D9D5760AE0: to=<it@dializa.md>, relay=dovecot, delay=0.03, delays=0/0/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 12 16:14:45 mail postfix/qmgr[18060]: D9D5760AE0: removed
Aug 12 16:14:53 mail postfix/smtpd[13056]: connect from unknown[155.133.82.144]
Aug 12 16:14:53 mail postfix/smtpd[13056]: lost connection after AUTH from unknown[155.133.82.144]
Aug 12 16:14:53 mail postfix/smtpd[13056]: disconnect from unknown[155.133.82.144]
------------------------------------------------------------------

Does postfix, dovecot support this proxy protocol?

2

Re: Does iRedMail support Proxy Protocol?

Problem solved.

Added
postscreen_upstream_proxy_protocol = haproxy

to main.cf

3

Re: Does iRedMail support Proxy Protocol?

Thanks for sharing. smile

----

Buy me a cup of coffee ($5) to support iRedMail:

buy me a cup of coffee