Fork of the proxsmtp project
Type Name Latest commit message Commit time
common
doc
scripts Removed erroneous chown line from proxsmtpd.sh Jan 15, 2005
src Tweak c3b1406, support multiline Aug 17, 2016
.gitignore Add upload-release make target, and start signing releases Oct 21, 2011
AUTHORS Send an RSET to the server after filter fails some data. Jun 21, 2007
COPYING
ChangeLog
INSTALL Initial build Sep 14, 2004
Makefile.am
NEWS
README Undo 7a3521b May 30, 2016
README.rst Update README.rst May 20, 2016
acsite.m4
autogen.sh Reorganize to better match git. Jan 23, 2011
configure.in
freshmeat.rel Add new make file bits for freshmeat upload Oct 21, 2011
rate.py

README.rst

Transparent SMTP proxy for Halon's email gateway, forked from http://thewalter.net/stef/software/proxsmtp/

Installation on Debian

apt-get install libcap-dev
sh autogen.sh
make

Fully transparent

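Add the following to /etc/rc.local:

# Load IPv4 connection tracking
modprobe nf_conntrack_ipv4
# Reject new SMTP connections from a source address that already has more than 50 open
iptables -A INPUT -p tcp --syn --dport 25 -m connlimit --connlimit-above 50 -j REJECT --reject-with tcp-reset
# DIVERT: mark packets that belong to an existing local socket and accept them
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 0x01/0x01
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# Hand new port 25 connections to the proxy on port 10025, keeping the original addresses
iptables -t mangle -A PREROUTING -p tcp --dport 25 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 10025
# Deliver marked packets locally through routing table 100
ip route flush table 100
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
# Disable reverse-path filtering on lo and enable IPv4 forwarding
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward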

and adjust the TransparentProxy and Listen settings accordingly:

# head /usr/local/etc/proxsmtpd.conf
TransparentProxy: full
Listen: 0.0.0.0:10025
FilterType: smtp
FilterCommand: 192.168.0.100 # or 127.0.0.1 for haproxy

High volume

To handle many connections and high throughput, make sure that the limit on open files is high enough, and raise the MaxConnections setting:

# grep nofile /etc/security/limits.conf
*                soft    nofile          10000
*                hard    nofile          10000
# ulimit -n 10000
# grep MaxConnections /usr/local/etc/proxsmtpd.conf
MaxConnections: 3000

If disk IOPS becomes a bottleneck, you can use a memory filesystem:

# grep tmpfs /etc/fstab
tmpfs   /tmp         tmpfs   nodev,nosuid,size=2G          0  0

or increase the write cache size:

# grep sysctl /etc/rc.local
sysctl vm.dirty_background_ratio=50
sysctl vm.dirty_ratio=80
sysctl vm.dirty_expire_centisecs=30000
sysctl vm.dirty_writeback_centisecs=3000

Multiple Halon nodes

The easiest way to run a transparent setup with multiple Halon nodes is to install haproxy:

# tail /etc/haproxy/haproxy.cfg
frontend localnodes
       bind *:20025
       mode tcp
       default_backend halons
       maxconn 3500 # sync with proxsmtpd
backend halons
       mode tcp
       balance roundrobin
       option smtpchk
       server out1 10.0.0.2:10025 maxconn 300 check
       server out2 10.0.0.3:10025 maxconn 300 check
       timeout connect        10s # just something sane
       timeout server          1m
       timeout queue           1m

and make proxsmtp connect to haproxy:

# grep htons proxsmtp/src/proxsmtpd.c
       remote.sin_port = htons(20025);
# grep Filter /usr/local/etc/proxsmtpd.conf
FilterType: smtp
FilterCommand: 127.0.0.1
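
The values this README asks you to keep in step (the TPROXY port and Listen, the open-file limit and MaxConnections, the haproxy maxconn settings) can be cross-checked mechanically. The script below is an added example, not part of the proxsmtp project: the sample strings are constructed from the fragments shown above, the function names are hypothetical, and the figure of three file descriptors per connection is an assumption.

```python
import re

# Constructed sample input: fragments copied from the README sections above.
RC_LOCAL = "iptables -t mangle -A PREROUTING -p tcp --dport 25 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 10025\n"
PROXSMTPD_CONF = "TransparentProxy: full\nListen: 0.0.0.0:10025\nMaxConnections: 3000\n"
LIMITS_CONF = "*                soft    nofile          10000\n*                hard    nofile          10000\n"
HAPROXY_CFG = """frontend localnodes
       bind *:20025
       maxconn 3500 # sync with proxsmtpd
backend halons
       server out1 10.0.0.2:10025 maxconn 300 check
       server out2 10.0.0.3:10025 maxconn 300 check
"""
FDS_PER_CONN = 3  # assumption: client socket + server socket + spool file


def conf(text, key):
    """Value of 'Key: value' in proxsmtpd.conf, ignoring a trailing '# comment'."""
    m = re.search(rf"^{re.escape(key)}:[ \t]*([^#\n]*)", text, re.M)
    return m.group(1).strip() if m else None


def audit(rc_local, proxsmtpd, limits, haproxy):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    listen_port = int(conf(proxsmtpd, "Listen").rsplit(":", 1)[1])
    tproxy = re.search(r"-j TPROXY\b.*--on-port (\d+)", rc_local)
    if not tproxy or int(tproxy.group(1)) != listen_port:
        findings.append(f"TPROXY --on-port does not match Listen port {listen_port}")
    max_conn = int(conf(proxsmtpd, "MaxConnections"))
    soft = re.search(r"^\S+\s+soft\s+nofile\s+(\d+)", limits, re.M)
    if not soft or int(soft.group(1)) < FDS_PER_CONN * max_conn:
        findings.append(f"soft nofile below {FDS_PER_CONN} x MaxConnections ({max_conn})")
    front = re.search(r"^frontend\b.*?^\s+maxconn (\d+)", haproxy, re.M | re.S)
    if not front or int(front.group(1)) < max_conn:
        findings.append(f"haproxy frontend maxconn below MaxConnections ({max_conn})")
    # Per-server maxconn caps concurrent sessions; haproxy queues the excess.
    slots = sum(int(n) for n in re.findall(r"^\s+server\b.*\bmaxconn (\d+)", haproxy, re.M))
    if slots < max_conn:
        findings.append(f"backend servers accept {slots} concurrent sessions; the rest wait in haproxy's queue")
    return findings


if __name__ == "__main__":
    for finding in audit(RC_LOCAL, PROXSMTPD_CONF, LIMITS_CONF, HAPROXY_CFG):
        print("WARN:", finding)
```

With the README's own values the only finding is the last one: the two servers allow 600 concurrent sessions in total, so connections beyond that wait in haproxy's queue, bounded by timeout queue.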