On Mon, Nov 02, 2015 at 02:47:03PM +0000, Jeremy Harris wrote:
> On 02/11/15 14:17, Viktor Dukhovni wrote:
> > HAProxy is a layer 4 load-balancing protocol that can be configured
> > to load balance connections *before* SSL termination.[...]
> > the HA proxy protocol
>
> You're saying it's not transparent? Aargh.
HAproxy does its handshake before handing off the underlying TCP
stream. Think "SOCKS" in reverse.
For port 25 one needs the HA proxy handshake, because remote client
IPs are needed for access control.
For port 465, with SASL auth, one might in fact be able to use a
transparent proxy. Perhaps Amazon's HA proxy supports that mode
of operation also.
> Matt: you may well need to compile an Exim version including
> EXPERIMENTAL_PROXY. See doc-txt/experimental-spec.txt .
To use Amazon's HA proxy one must either support their protocol,
or be able to work with the proxy admins to do transparent load
balancing.
--
Viktor.