Using HAPROXY Against Zimbra MTA Services, reveal origin IP

We often use HAProxy when deploying zimbra in large environment for load balancing traffic espesially in MTA services  port 25, 465 and 587. but using default configuration  in haproxy and zimbra  affecting sender IP will be read as HAProxy server’s IP, so we cannot trace email by it’s origin IP. this is a big issue when dealing with spammer either from outside or internal.

Luckily there are option in postfix for read original IP from traffic that was sent by haproxy. the configuration are postscreen_upstream_proxy_protocol (if using postscreen as it’s a default in smtp port 25 since zimbra 8.7) and smtpd_upstream_proxy_protocol then from haproxy side by adding send-proxy option.

So here’s the steps for configuring it:

Continue reading “Using HAPROXY Against Zimbra MTA Services, reveal origin IP”

Advertisements