Re: [exim] Proxy smtp connections to multiple Exim servers b…

Author: Jeremy Harris
Date:
To: exim-users
Subject: Re: [exim] Proxy smtp connections to multiple Exim servers behind proxy
On 15/04/2023 12:53, Sebastian Arcus via Exim-users wrote:
> I have a number of Exim servers behind a NAT gateway (actually connected with VPNs to a cloud VPS - but I'm hoping this is not relevant to this post). I would like the gateway to send incoming port 25 traffic to the correct Exim server based on SNI in incoming TLS packets - as different Exim instances serve different email domains. The setup would look like this:
>
>                       [Internet]
>                           |
>                           |
>                     (smtp port 25)
>                           |
>                           v
>                           |
>                    [Cloud server]
>                           |
>                           v
>                           |
>        ----------------------------------------
>        |                  |                   |
>        |                  |                   |
> [Exim server 1]    [Exim server 2]    [Exim server 3]
>
>
> I would have preferred to do this at IP tables level - but apparently not really possible. It seems the next option would be HAProxy. Has anyone here used HAProxy or run a setup as above, or know if this is actually doable? Any suggestions much appreciated.
>


Exim does talk the inbound-proxy protocol that HAProxy apparently uses (or can use):
https://exim.org/exim-html-current/doc/html/spec_html/ch-proxies.html#SECTproxyInbound

I can't really help on other HAProxy facilities or config though.

Another option for you would be to use Exim itself as the fanout element at your
"cloud server". It has visibility of the SNI and could use that for routing.
Indeed, if the configurations needed for the "Exim server N" elements are sufficiently
similar and load & geography permits, you could collapse the lot into a single Exim.
--
Cheers,
Jeremy
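
What the inbound proxy protocol linked above carries, as an added example (not part of the original message, and not Exim's or HAProxy's code): a Python parser for the version 1 text header a proxy prepends to each connection, honoured only when the TCP peer is a listed proxy, which is the role Exim's `hosts_proxy` option plays. The addresses and the names `TRUSTED_PROXIES` and `parse_proxy_v1` are constructed for illustration.

```python
import ipaddress

# Assumption: the one peer allowed to send a PROXY header (the role of Exim's
# hosts_proxy option). All addresses here are constructed documentation values.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]
MAX_V1_HEADER = 107  # longest v1 header line, CRLF included, per the spec


def parse_proxy_v1(peer_ip, data):
    """Return (client_ip, client_port, remaining_bytes) for a new connection.

    peer_ip is the TCP source address, data the first bytes received.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        # Not a listed proxy: never let it claim another source address.
        # The bytes pass through untouched, so a forged "PROXY ..." line is
        # simply an invalid SMTP command to the server.
        return str(peer), None, data
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("listed proxy sent no valid v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return str(peer), None, rest  # proxy could not identify the client
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed v1 header")
    src = ipaddress.ip_address(fields[2])
    dst = ipaddress.ip_address(fields[3])
    family = 4 if fields[1] == "TCP4" else 6
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match header")
    if not (fields[4].isdigit() and fields[5].isdigit()):
        raise ValueError("non-numeric port")
    sport, dport = int(fields[4]), int(fields[5])
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return str(src), sport, rest
```

The returned client address is what sender checks and logs should use once the header has been accepted; everything after the header is the ordinary SMTP stream.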