Implement HAProxy protocol support

This patch implements support for incoming connections wrapped in the HAProxy protocol v1. This is useful when running chasquid behind a HAProxy server, as it needs the original source IP to perform SPF checks. This patch is a reimplementation of one originally provided by Denys Vitali in pull request #15, except the logic for the protocol handling is moved to a new package, and the smtpsrv.Conn handling of the source IP is simplified. It is marked as experimental for now, since we want to give it a bit more exposure just in case the option/api needs adjustment. Thanks a lot to Denys Vitali (@denysvitali in github) for sending the original patch for this, and helping test it!
2025-12-20 15:07:03 +00:00 · 2020-11-12 22:00:46 +00:00
parent c9d3ba0ca0
commit e79586a014
22 changed files with 389 additions and 24 deletions
--- a/etc/chasquid/chasquid.conf
+++ b/etc/chasquid/chasquid.conf
@@ -87,3 +87,11 @@
 # Default: "" (autodetect)
 #dovecot_userdb_path: ""
 #dovecot_client_path: ""
+
+# Expect incoming SMTP connections to use the HAProxy protocol.
+# EXPERIMENTAL - Might change in backwards-incompatible ways.
+# If set to true, this allows deploying chasquid behind a HAProxy server, as
+# the address information is preserved, and SPF checks can be performed
+# properly.
+# Default: false
+#haproxy_incoming: false