2020/02/14 by Maarten Oelering.
PowerMTA 5.0: Using a proxy for email delivery
One new thing we are particularly excited about is PowerMTA 5.0 support for forward proxies: this allows delivery from IPs which don’t need to be co-located on the same server or subnet.
In this blog post, we will explain this with a few use cases and introduce Postmastery’s MTA proxy for a ready-to-go solution.
Use case 1: Your hoster limits the number of IPs per server
Suppose you are a small ESP hosting PowerMTA on a server with 8 IPs. You get more customers and you want to add more IPs. But your hoster limits the number of IPs of each server so you need to add more servers. Wouldn’t it be great if you can stick with one PowerMTA and deliver mail from more than one server?
Use case 2: Warmup IPs on a new server before migrating PowerMTA
Or what if you want to migrate to another hoster with different IPs? Then you need to slowly warm up the IPs at the new hoster before you move away from your old hoster. Wouldn’t it be nice if you can use the new IPs together with the old IPs from the PowerMTA at its current location?
Using a forward proxy for email delivery
You can use a so called ‘forward proxy’ to route outbound traffic via an intermediary server to its destination. The destination will see the IP on the intermediary server as the originating IP. This means that the PowerMTA and the IPs you want to use can be in different networks, even at different hosters. You only need a proxy server co-located with the IPs.
At Postmastery we were using a proxy even before PowerMTA had proxy support. But this required some Linux iptables trickery to intercept the connections and forward them to the proxy server. Others have used GRE or SSH tunnels for similar purposes, but these are complex to set up and difficult to make reliable.
PowerMTA 5.0 and Postmastery’s MTA proxy
Now PowerMTA can interface directly to proxies using an open protocol. The proxy protocol is a simple protocol where the client sends a message to the server asking to make a connection from a specific local IP to a specific remote IP. When the connection is made, traffic in both directions is relayed as is via the proxy. From there PowerMTA will run the SMTP conversation exactly as it would without a proxy.
The image above shows a typical proxy set-up with the directives used to configure the proxy in PowerMTA. Please refer to the PowerMTA User’s Guide for more details on the configuration.
As a proxy server you can use HAProxy, which is a comprehensive load balancer and proxy solution. HAProxy is often used to load balance inbound connections to web servers. Postmastery has developed a lean and fast proxy which is very easy to set up and runs on Linux and Windows.