postfix-users May 2014 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: check_client_access doesn't use xforward-IP

Re: check_client_access doesn't use xforward-IP

From: Wietse Venema <wietse_at_nospam>
Date: Sun May 04 2014 - 21:16:11 GMT
To: Postfix users <postfix-users@postfix.org>

Peer Heinlein:
> as shown in the log we have a Postfix 2.9.4 with a localhost-connect
> from Amavis on Port 10025 that uses the xforward-command to give us
> the source IP address from the real client:
>
> But in the smtpd_recipient_restrictions Postfix makes lookups just for
> the localhost source IP 127.0.0.1:

Peer, this behaves as documented.

Use XCLIENT for impersonation. For example, for debugging what
happens when a specific client connects, or for handling a connection
that was handled by an with NGINX proxy.

Use XFORWARD for logging forwarding, so that LOGGING from a down-stream
MTA attributes the message to the original client context.

Thus, if you want impersonation use XCLIENT. If you want to have
more useful logging from a post-filter MTA. use XFORWARD.

        Wietse