mirror of https://blitiri.com.ar/repos/chasquid synced 2025-12-19 14:57:04 +00:00

Implement HAProxy protocol support

This patch implements support for incoming connections wrapped in the
HAProxy protocol v1.

This is useful when running chasquid behind a HAProxy server, as it
needs the original source IP to perform SPF checks.

This patch is a reimplementation of one originally provided by Denys
Vitali in pull request #15, except the logic for the protocol handling
is moved to a new package, and the smtpsrv.Conn handling of the source
IP is simplified.

It is marked as experimental for now, since we want to give it a bit
more exposure just in case the option/api needs adjustment.

Thanks a lot to Denys Vitali (@denysvitali in github) for sending the
original patch for this, and helping test it!
Alberto Bertogli
2020-11-12 22:00:46 +00:00
parent c9d3ba0ca0
commit e79586a014
22 changed files with 389 additions and 24 deletions
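
The HAProxy protocol v1 header named in the commit message is a single text line sent ahead of the SMTP dialogue. The following is an added example, not chasquid's code and not the package introduced by this commit: a minimal Go parser for that line. The function name, the constructed sample input, and the choice to reject `PROXY UNKNOWN` are assumptions of this example.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

var errBadHeader = errors.New("invalid PROXY v1 header")

// parseProxyV1 reads one "PROXY TCP4 src dst sport dport\r\n" line from r and
// returns the original client address. The caller must keep using r for the
// SMTP session, so bytes buffered after the header are not lost.
func parseProxyV1(r *bufio.Reader) (*net.TCPAddr, error) {
	var line []byte
	for len(line) < 107 { // spec maximum for a v1 header, CRLF included
		b, err := r.ReadByte()
		if err != nil {
			return nil, err
		}
		line = append(line, b)
		if b == '\n' {
			break
		}
	}
	s := string(line)
	if !strings.HasSuffix(s, "\r\n") {
		return nil, errBadHeader
	}
	f := strings.Split(strings.TrimSuffix(s, "\r\n"), " ")
	if len(f) != 6 || f[0] != "PROXY" || (f[1] != "TCP4" && f[1] != "TCP6") {
		return nil, errBadHeader // also rejects "PROXY UNKNOWN", which has no address
	}
	src, dst, v4 := net.ParseIP(f[2]), net.ParseIP(f[3]), f[1] == "TCP4"
	sport, err1 := strconv.ParseUint(f[4], 10, 16)
	_, err2 := strconv.ParseUint(f[5], 10, 16)
	if src == nil || dst == nil || err1 != nil || err2 != nil ||
		(src.To4() != nil) != v4 || (dst.To4() != nil) != v4 {
		return nil, errBadHeader // bad address, port, or family mismatch
	}
	return &net.TCPAddr{IP: src, Port: int(sport)}, nil
}

func main() { // constructed sample: header followed by the start of SMTP
	r := bufio.NewReader(strings.NewReader("PROXY TCP4 192.0.2.7 198.51.100.1 40000 25\r\nEHLO x\r\n"))
	fmt.Println(parseProxyV1(r))
}
```

The returned address is only as trustworthy as the peer that sent the header, so a listener using such a parser should accept connections from the proxy alone.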

@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "chasquid.conf 5"
.TH chasquid.conf 5 "2020-05-24" "" ""
.TH chasquid.conf 5 "2020-11-12" "" ""
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -234,6 +234,14 @@ databases will be authenticated via dovecot. Default: \f(CW\*(C`false\*(C'\fR.
The path to dovecot's auth sockets is autodetected, but can be manually
overridden using the \f(CW\*(C`dovecot_userdb_path\*(C'\fR and \f(CW\*(C`dovecot_client_path\*(C'\fR if
needed.
.IP "\fBhaproxy_incoming\fR (bool):" 8
.IX Item "haproxy_incoming (bool):"
\&\fB\s-1EXPERIMENTAL\s0\fR, might change in backwards-incompatible ways.
.Sp
If true, expect incoming \s-1SMTP\s0 connections to use the HAProxy protocol.
This allows deploying chasquid behind a HAProxy server, as the address
information is preserved, and \s-1SPF\s0 checks can be performed properly.
Default: \f(CW\*(C`false\*(C'\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBchasquid\fR\|(1)
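
Review bot: The sentence "If true, expect incoming \s-1SMTP\s0 connections to use the HAProxy protocol" does not name the protocol version, while the commit message says only v1 is implemented. Suggest "the HAProxy protocol v1" so an operator picks the matching proxy setting (in HAProxy, `send-proxy` rather than `send-proxy-v2`). This text mirrors the pod source changed in the next file, so the wording fix belongs there, with this page regenerated from it.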

@@ -113,6 +113,15 @@ The path to dovecot's auth sockets is autodetected, but can be manually
overridden using the C<dovecot_userdb_path> and C<dovecot_client_path> if
needed.
=item B<haproxy_incoming> (bool):
B<EXPERIMENTAL>, might change in backwards-incompatible ways.
If true, expect incoming SMTP connections to use the HAProxy protocol.
This allows deploying chasquid behind a HAProxy server, as the address
information is preserved, and SPF checks can be performed properly.
Default: C<false>.
=back
=head1 SEE ALSO
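
Review bot: The new haproxy_incoming item describes the benefit but not what the option trusts: once it is true, the address used for SPF is the one carried in the header the peer sends. Suggest adding a sentence stating that the SMTP listener must then be reachable only from the proxy (bind address or firewall). It should also state whether connections arriving without the header are rejected, since "expect" leaves that open.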