Implement HAProxy protocol support

This patch implements support for incoming connections wrapped in the HAProxy protocol v1. This is useful when running chasquid behind a HAProxy server, as it needs the original source IP to perform SPF checks. This patch is a reimplementation of one originally provided by Denys Vitali in pull request #15, except the logic for the protocol handling is moved to a new package, and the smtpsrv.Conn handling of the source IP is simplified. It is marked as experimental for now, since we want to give it a bit more exposure just in case the option/api needs adjustment. Thanks a lot to Denys Vitali (@denysvitali in github) for sending the original patch for this, and helping test it!
2025-12-17 14:37:02 +00:00 · 2020-11-12 22:00:46 +00:00
parent c9d3ba0ca0
commit e79586a014
22 changed files with 389 additions and 24 deletions
--- a/internal/smtpsrv/server.go
+++ b/internal/smtpsrv/server.go
@@ -45,6 +45,9 @@ type Server struct {
 	// TLS config (including loaded certificates).
 	tlsConfig *tls.Config

+	// Use HAProxy on incoming connections.
+	HAProxyEnabled bool
+
 	// Local domains.
 	localDomains *set.String

@@ -257,6 +260,7 @@ func (s *Server) serve(l net.Listener, mode SocketMode) {
 			conn:           conn,
 			mode:           mode,
 			tlsConfig:      s.tlsConfig,
+			haproxyEnabled: s.HAProxyEnabled,
 			onTLS:          mode.TLS,
 			authr:          s.authr,
 			aliasesR:       s.aliasesR,