MailEnable behind proxy: get real IP

Discussion forum for Enterprise Edition.
Post Reply
hicla
Posts: 8
Joined: Tue Sep 25, 2018 4:18 pm

MailEnable behind proxy: get real IP

Post by hicla » Thu Oct 29, 2020 7:29 pm

When running mailenable services through a proxy or load balancer, is there a way for mailenable to use the original client IP instead of the proxy IP?

The goal is to make the proxy invisible to the rest of mailenable and third party processes that rely on mailenable, so that logging, abuse detection, spam filtering, ... all work as if the client connected directly to mailenable and not through the proxy.
It would be useful when SMTP spam filtering for incoming emails is done by external services, or when having a front-end IMAP/POP/SMTP server like nginx or dovecot that proxies client connection to the correct mailenable instance based on the email and/or postoffice, or to load balance a single webmail/MTA/IMAP/POP/SMTP address across multiple mailenable instances.

For the webmail, an option would be to use the IP specified in the X-Forwarded-For HTTP header
For IMAP, POP, and SMTP, an option would be to use the PROXY protocol http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
These are just two examples, I'm open to any alternative
thanks!

Post Reply