Postfix does not send XFORWARD command?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Postfix does not send XFORWARD command?

Srikrishnan Chitoor
Hi:

  We have two postfix instances "fe" abd "be" with "fe" facing the Internet.

In "fe", the configuration is as follows:

** START
mynetworks = 0.0.0.0/0
smtpd_proxy_filter = <be IP>:25
inet_interfaces = all
smtp_send_xforward_command = yes
** END

"be" is running a postfix with lot of checks like domain names, users etc.
In "be", we have also enabled XFORWARD authorized hosts to be "fe" as follows:

** START
smtpd_authorized_xforward_hosts = <fe ip>
** END

  We have also manually confirmed that when "fe" connects to "be", "be" announces XFORWARD support.

  In the manual (http://www.postfix.org/SMTPD_PROXY_README.html) says

** START
While sending mail into the content filter, Postfix speaks ESMTP but uses no command pipelining. Postfix generates its own EHLO, XFORWARD (for logging the remote client IP address instead of localhost[127.0.0.1]), DATA and QUIT commands,
** END

  But we see that the XFORWARD command is not sent from "fe" to "be". We are using postfix version 2.3.3.

  Please let me know what is wrong with our configuration.

  Thanks in advance for your help,

-Krishnan.
Reply | Threaded
Open this post in threaded view
|

Re: Postfix does not send XFORWARD command?

mouss-2
Srikrishnan Chitoor wrote:

> Hi:
>
>   We have two postfix instances "fe" abd "be" with "fe" facing the Internet.
>
> In "fe", the configuration is as follows:
>
> ** START
> mynetworks = 0.0.0.0/0
> smtpd_proxy_filter = <be IP>:25
> inet_interfaces = all
> smtp_send_xforward_command = yes
> ** END
>
> "be" is running a postfix with lot of checks like domain names, users etc.
> In "be", we have also enabled XFORWARD authorized hosts to be "fe" as follows:
>
> ** START
> smtpd_authorized_xforward_hosts = <fe ip>
> ** END
>
>   We have also manually confirmed that when "fe" connects to "be", "be" announces XFORWARD support.
>
>   In the manual (http://www.postfix.org/SMTPD_PROXY_README.html) says
>
> ** START
> While sending mail into the content filter, Postfix speaks ESMTP but uses no command pipelining. Postfix generates its own EHLO, XFORWARD (for logging the remote client IP address instead of localhost[127.0.0.1]), DATA and QUIT commands,
> ** END
>
>   But we see that the XFORWARD command is not sent from "fe" to "be". We are using postfix version 2.3.3.
>  

how do you "see"? please be precise and provide complete evidence.

Also post the output of 'postconf -n' instead of exceprts from main.cf.
>   Please let me know what is wrong with our configuration.
>
>   Thanks in advance for your help,
>
> -Krishnan.
>  

Reply | Threaded
Open this post in threaded view
|

Re: Postfix does not send XFORWARD command?

Srikrishnan Chitoor
Hi:

  Thanks for the prompt reply.

  Here are the answers:

  1. When we send a "XFORWARD" manually from "fe" to "be", the IP specified in XFORWARD ADDR is logged properly. However, in normal mode of operation, it is logging IP of "fe".
  2. I will post "postconf -n" shortly.

--- On Thu, 6/5/08, mouss <[hidden email]> wrote:

> From: mouss <[hidden email]>
> Subject: Re: Postfix does not send XFORWARD command?
> To:
> Cc: [hidden email]
> Date: Thursday, June 5, 2008, 1:56 PM
> Srikrishnan Chitoor wrote:
> > Hi:
> >
> >   We have two postfix instances "fe" abd
> "be" with "fe" facing the Internet.
> >
> > In "fe", the configuration is as follows:
> >
> > ** START
> > mynetworks = 0.0.0.0/0
> > smtpd_proxy_filter = <be IP>:25
> > inet_interfaces = all
> > smtp_send_xforward_command = yes
> > ** END
> >
> > "be" is running a postfix with lot of checks
> like domain names, users etc.
> > In "be", we have also enabled XFORWARD
> authorized hosts to be "fe" as follows:
> >
> > ** START
> > smtpd_authorized_xforward_hosts = <fe ip>
> > ** END
> >
> >   We have also manually confirmed that when
> "fe" connects to "be", "be"
> announces XFORWARD support.
> >
> >   In the manual
> (http://www.postfix.org/SMTPD_PROXY_README.html) says
> >
> > ** START
> > While sending mail into the content filter, Postfix
> speaks ESMTP but uses no command pipelining. Postfix
> generates its own EHLO, XFORWARD (for logging the remote
> client IP address instead of localhost[127.0.0.1]), DATA
> and QUIT commands,
> > ** END
> >
> >   But we see that the XFORWARD command is not sent
> from "fe" to "be". We are using postfix
> version 2.3.3.
> >  
>
> how do you "see"? please be precise and provide
> complete evidence.
>
> Also post the output of 'postconf -n' instead of
> exceprts from main.cf.
> >   Please let me know what is wrong with our
> configuration.
> >
> >   Thanks in advance for your help,
> >
> > -Krishnan.
> >
Reply | Threaded
Open this post in threaded view
|

Re: Postfix does not send XFORWARD command?

Srikrishnan Chitoor
In reply to this post by mouss-2
Hi:
 
  My mistake. Looks like only "XCLIENT" changes the logging behavior of "be" instance. "XFORWARD" still makes "be" instance log actual IP, etc.

  So, "fe" is most likely sending the XFORWARD command, but we cannot detect it in "be" instance.

  Please ignore this question and thanks for your time.

--- On Thu, 6/5/08, mouss <[hidden email]> wrote:

> From: mouss <[hidden email]>
> Subject: Re: Postfix does not send XFORWARD command?
> To:
> Cc: [hidden email]
> Date: Thursday, June 5, 2008, 1:56 PM
> Srikrishnan Chitoor wrote:
> > Hi:
> >
> >   We have two postfix instances "fe" abd
> "be" with "fe" facing the Internet.
> >
> > In "fe", the configuration is as follows:
> >
> > ** START
> > mynetworks = 0.0.0.0/0
> > smtpd_proxy_filter = <be IP>:25
> > inet_interfaces = all
> > smtp_send_xforward_command = yes
> > ** END
> >
> > "be" is running a postfix with lot of checks
> like domain names, users etc.
> > In "be", we have also enabled XFORWARD
> authorized hosts to be "fe" as follows:
> >
> > ** START
> > smtpd_authorized_xforward_hosts = <fe ip>
> > ** END
> >
> >   We have also manually confirmed that when
> "fe" connects to "be", "be"
> announces XFORWARD support.
> >
> >   In the manual
> (http://www.postfix.org/SMTPD_PROXY_README.html) says
> >
> > ** START
> > While sending mail into the content filter, Postfix
> speaks ESMTP but uses no command pipelining. Postfix
> generates its own EHLO, XFORWARD (for logging the remote
> client IP address instead of localhost[127.0.0.1]), DATA
> and QUIT commands,
> > ** END
> >
> >   But we see that the XFORWARD command is not sent
> from "fe" to "be". We are using postfix
> version 2.3.3.
> >  
>
> how do you "see"? please be precise and provide
> complete evidence.
>
> Also post the output of 'postconf -n' instead of
> exceprts from main.cf.
> >   Please let me know what is wrong with our
> configuration.
> >
> >   Thanks in advance for your help,
> >
> > -Krishnan.
> >