Welcome! Log In Create A New Profile

Advanced

Re: DNSBL with mail proxy

Previous Message Next Message
Forum List Message List New Topic Print View
Pat Suwalski
March 31, 2016 02:20PM
I managed to solve my own problem with the use of XCLIENT. There isn't a
whole lot of information out there, so maybe search engines will pick up
on this post and help someone else.

It was very easy to set up. Simply turn "xclient off" to "xclient on" in
the nginx configuration as quoted below. Then, in the postfix
configuration, enable xclient for the proxy's IP:

smtpd_authorized_xclient_hosts = 1.2.3.4

(It can be turned on globally, but I like being specific).

This seemed to work immediately with the DNSBL/rbl rules already in postfix.

--Pat

On 2016-03-31 01:23 AM, Pat Suwalski wrote:
> Hello,
>
> I started using nginx as a proxy for incoming mail, for DDoS protection
> and hiding of origin.
>
> I have it set up as follows:
>
> mail {
> server_name foo.bar.com;
> auth_http localhost:8080/auth-smtppass.php;
>
> server {
> listen 25;
> protocol smtp;
> proxy on;
> timeout 5s;
> xclient off;
> smtp_auth none;
> }
> }
>
> And then I have a location handler that tells it where to actually go:
>
> location ~ .php$ {
> add_header Auth-Server 111.222.111.222;
> add_header Auth-Port 25;
> return 200;
> }
>
> This works great, except that the real mail server (111.222.111.222 in
> this example) doesn't see where the mail is actually coming from, and
> therefore loses its ability to apply the DNSBL.
>
> One obvious way to use the DNSBL would be to have an actual auth script
> that does the DNSBL checking. However, it's really nice to have it all
> handled without calling out to php or perl.
>
> I could also have a local postfix that does nothing but DNSBL and relay
> to the real server, but that seems like just another layer of complication.
>
> Anyone have any creative ideas on how this could be implemented right in
> nginx? Maybe someone's written an auth script that does DNSBL?
>
> Thanks,
> --Pat
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

DNSBL with mail proxy

Pat Suwalski March 31, 2016 01:24AM

Re: DNSBL with mail proxy

Pat Suwalski March 31, 2016 02:20PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 171
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready