fix(postfix): rework postscreen integration

This patch sets the postscreen config options more explicitly and provides enables the TLS proxy, which should allow proper TLS access directly within postscreen. It seems this resolved the weird latency issues we saw previously.

fix(postfix): rework postscreen integration
e868450c · Sheogorath · 1dd21752 · e868450c · e868450c
Verified Commit e868450c authored Sep 28, 2022 by Sheogorath
--- a/images/postfix/config/main.cf
+++ b/images/postfix/config/main.cf
@@ -87,6 +87,8 @@ virtual_transport = lmtp:inet:dovecot-internal:24
 ## Postscreen Configuration
 ##

+postscreen_upstream_proxy_protocol = haproxy
+postscreen_upstream_proxy_timeout = 5s
 postscreen_access_list = permit_mynetworks
 postscreen_blacklist_action = drop
 postscreen_greet_action = ignore
@@ -172,5 +174,3 @@ maximal_queue_lifetime = 1d
 bounce_queue_lifetime = 1d
 unverified_recipient_reject_code = 577
 compatibility_level = 2
-
-postscreen_upstream_proxy_protocol = haproxy
--- a/images/postfix/config/master.cf
+++ b/images/postfix/config/master.cf
@@ -3,11 +3,13 @@
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
 10025      inet  n       -       -       -       1       postscreen
+    -o postscreen_upstream_proxy_protocol=haproxy
+    -o syslog_name=postfix/10025
 smtpd     pass  -       -       -       -       -       smtpd
    -o smtpd_tls_received_header=yes
    -o content_filter=
 dnsblog   unix  -       -       -       -       0       dnsblog
-#tlsproxy  unix  -       -       -       -       0       tlsproxy
+tlsproxy  unix  -       -       -       -       0       tlsproxy
 #smtps     inet  n       -       -       -       -       smtpd
 #  -o syslog_name=postfix/smtps
 #  -o smtpd_tls_wrappermode=yes