[stunnel-users] Sending original IP (proxy) for smtp
James Brown
jlbrown at bordo.com.au
Tue Apr 16 07:52:15 CEST 2019
I’d like stunnel to pass the incoming IP along, not stunnel's IP.
My traffic flow is:
Stunnel (accept on port 465) -> ASSP (an smtp proxy) -> Postfix (accept on port 10026)
I tried:
[ssmtp]
client = no
accept = 465
connect = 25
protocol = proxy
But ASSP had:
Apr-15-19 18:50:22 [Worker_1] Connected: session:7FE104AA1870 127.0.0.1:58954 > 127.0.0.1:25 > 127.0.0.1:10026
Apr-15-19 18:50:23 [Worker_1] 127.0.0.1 warning: got reply '502 5.5.2 Error: command not recognized' from 127.0.0.1
Apr-15-19 18:50:23 id-18223-03317 [Worker_1] 127.0.0.1 info: sending EHLO instead of HELO to 127.0.0.1
Apr-15-19 18:50:23 id-18223-03317 [Worker_1] 127.0.0.1 disconnected: session:7FE104AA1870 127.0.0.1 - processing time 1 seconds
And Postfix had:
2019-04-15 18:50:22.995042+1000 localhost smtpd[33360]: connect from localhost[127.0.0.1]
2019-04-15 18:50:23.108756+1000 localhost smtpd[33360]: improper command pipelining after EHLO from localhost[127.0.0.1]: RSET\r\n
2019-04-15 18:50:23.273664+1000 localhost smtpd[33360]: disconnect from localhost[127.0.0.1] ehlo=2 rset=1 quit=1 unknown=0/1 commands=4/5
So I take it protocol=proxy is not the way to do it. Sounds like this only works with haproxy which I do not have installed.
Is there a way to do this?
The problem I am trying to solve is ASSP has lines like:
warning: SMTP authentication failed on 127.0.0.1
- obviously I don’t want fail2ban to ban 127.0.0.1.
Stunnel log has:
2019.04.15 18:52:26 LOG5[23]: Service [ssmtp] accepted connection from ::ffff:185.222.209.66:53642
2019.04.15 18:52:27 LOG3[23]: s_connect: connect ::1:25: Connection refused (61)
Any suggestions?
Thanks,
James.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20190416/ae624717/attachment.html>
More information about the stunnel-users
mailing list