From 5c5ad8bd4db23c19c1401dd27858d45d995ae797 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 28 Sep 2022 03:38:28 +0200
Subject: [PATCH] fix(postfix): Enforce usage of haproxy

Apparently one needs to configure `-o smtpd_upstream_proxy_protocol=haproxy`
for other inet services as well in order to actually make it through.
This patch enables it on smtp and submissions ports.

The hint for that came from experimenting and the docker-mailserver project.

References:
https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/kubernetes/#proxy-port-to-service-via-proxy-protocol
---
 images/postfix/config/main.cf   | 2 ++
 images/postfix/config/master.cf | 1 +
 2 files changed, 3 insertions(+)

diff --git a/images/postfix/config/main.cf b/images/postfix/config/main.cf
index d11e4e34f..248c2a8a1 100644
--- a/images/postfix/config/main.cf
+++ b/images/postfix/config/main.cf
@@ -92,6 +92,8 @@ postscreen_upstream_proxy_timeout = 5s
 postscreen_access_list = permit_mynetworks
 postscreen_blacklist_action = drop
 postscreen_greet_action = ignore
+# Disable zombie detection
+postscreen_greet_banner =
 postscreen_dnsbl_action = enforce
 postscreen_dnsbl_threshold = 3
 postscreen_dnsbl_allowlist_threshold = -1
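Review bot: The comment `# Disable zombie detection` on the added `postscreen_greet_banner =` line does not say what is switched off or why, and the commit message, which is about the PROXY protocol, does not mention this change at all. An empty value turns off the `220-` teaser banner that postscreen sends for its pregreet test, so clients that talk before their turn are less likely to be noticed. The context line `postscreen_greet_action = ignore` shows the result was already not acted on. I would word the comment as `# Empty value: no "220-" pregreet teaser banner (greet_action is already "ignore")` and state in the commit message why this is needed behind the proxy, or move it to its own commit.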
diff --git a/images/postfix/config/master.cf b/images/postfix/config/master.cf
index e556ec4b8..c0ea1bccb 100644
--- a/images/postfix/config/master.cf
+++ b/images/postfix/config/master.cf
@@ -8,6 +8,7 @@
 smtpd     pass  -       -       -       -       -       smtpd
     -o smtpd_tls_received_header=yes
     -o content_filter=
+    -o smtpd_upstream_proxy_protocol=haproxy
 dnsblog   unix  -       -       -       -       0       dnsblog
 tlsproxy  unix  -       -       -       -       0       tlsproxy
 #smtps     inet  n       -       -       -       -       smtpd
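Review bot: The added `-o smtpd_upstream_proxy_protocol=haproxy` has no comment, and it sits on the `smtpd pass` service, which is handed its connections by postscreen rather than listening on the network itself, so a reader cannot tell why a PROXY header is expected here. The commit message says the option is enabled on the smtp and submissions ports, but the diffstat shows a single insertion in master.cf and this hunk touches only this one service. Presumably the submission entries lie outside the hunk and already carry the option, which is worth confirming. With this option smtpd takes the client address from the PROXY header, so everything keyed on the client IP (the `permit_mynetworks` allow-list in main.cf, DNSBL scoring, Received headers) relies on the mail ports being reachable only through the HAProxy frontend. I would add a comment above the line such as `# Client address comes from the PROXY header; must only be reachable via the proxy`.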
-- 
GitLab