Re: [exim] Proxy smtp connections to multiple Exim servers b…

Author: Andrew C Aitchison
Date:  
To: Sebastian Arcus
CC: Exim Users
Subject: Re: [exim] Proxy smtp connections to multiple Exim servers behind proxy
On Sat, 15 Apr 2023, Sebastian Arcus wrote:

> On 15/04/2023 18:44, Andrew C Aitchison wrote:
>> On Sat, 15 Apr 2023, Sebastian Arcus via Exim-users wrote:
>>
>>> I have a number of Exim servers behind a NAT gateway (actually connected
>>> with VPNs to a cloud VPS - but I'm hoping this is not relevant to this
>>> post). I would like the gateway to send incoming port 25 traffic to the
>>> correct Exim server based on SNI in incoming TLS packets - as different
>>> Exim instances serve different email domains. The setup would look like
>>> this:
>>>
>>>                      [Internet]
>>>                          |
>>>                          |
>>>                    (smtp port 25)
>>>                          |
>>>                          v
>>>                          |
>>>                   [Cloud server]
>>>                          |
>>>                          v
>>>                          |
>>>       ----------------------------------------
>>>       |                  |                   |
>>>       |                  |                   |
>>> [Exim server 1]    [Exim server 2]    [Exim server 3]
>>>
>>>
>>> I would have preferred to do this at IP tables level - but apparently not
>>> really possible. It seems the next option would be HAProxy. Has anyone
>>> here used HAProxy or run a setup as above, or know if this is actually
>>> doable? Any suggestions much appreciated.



>> Since you have different domains, my first thought would just be to
>> assign them different MXes with different IPs ...
>
> This is the situation now. But managing a full set of internet connections
> with fixed IP addresses and reverse dns records is turning into a major drag.
> Every time the internet connection on one of the boxes has to change
> provider, it becomes a whole project managing the migration, with downtime
> while the provider assigns a PTR record to the connection. On occasion it has
> taken 2 weeks. This is why I would like to have all boxes use one single
> public IP address and one PTR record through the VPS / cloud server for smtp
> purposes, with the VPS acting as a SMTP proxy / gateway.


Ah.

I've only done it with physical local machines, where
it was easy to move an IP address from one box to another.
I had an IP address for each box and one for each domain,
so I could just move the domain IP address to another machine
when necessary. No need to change the DNS at all.
Not necessarily something you can do with a cloud.

-- 
Andrew C. Aitchison                      Kendal, UK
                    andrew@???