Merge pull request docker-mailserver#187 from docker-mailserver/fix/proxy-protocol-postscreen-cache

cfis · web-flow · commit 222946705a03 · 2025-09-21T18:15:51.000-07:00
fix: PROXY protocol should share postscreen cache
diff --git a/charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap b/charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap
@@ -63,8 +63,15 @@ manifest should match snapshot:
 
         # Create a variant for port 25 too (NOTE: Port 10025 is already assigned in DMS to Amavis):
         postconf -Mf smtp/inet | sed -e s/^smtp/12525/ >> /etc/postfix/master.cf
-        # Enable PROXY Protocol support (different setting as port 25 is handled via postscreen), optionally configure a `syslog_name` to distinguish in logs:
-        postconf -P 12525/inet/postscreen_upstream_proxy_protocol=haproxy 12525/inet/postscreen_cache_map=proxy:btree:\$data_directory/postscreen_12525_cache 12525/inet/syslog_name=postfix/smtpd-proxyprotocol
+        # Enable PROXY Protocol support:
+        # - Uses a different setting as port 25 is handled via the postscreen service
+        # - Optionally configure a `syslog_name` to distinguish in logs:
+        postconf -P \
+          12525/inet/postscreen_upstream_proxy_protocol=haproxy \
+          12525/inet/syslog_name=postfix/smtpd-proxyprotocol
+
+        # Add the `proxy:` prefix to share this cache between each running postscreen service via `proxymap`:
+        postconf 'postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache'
     kind: ConfigMap
     metadata:
       labels:
diff --git a/charts/docker-mailserver/values.yaml b/charts/docker-mailserver/values.yaml
@@ -614,8 +614,15 @@ configMaps:
       
       # Create a variant for port 25 too (NOTE: Port 10025 is already assigned in DMS to Amavis):
       postconf -Mf smtp/inet | sed -e s/^smtp/12525/ >> /etc/postfix/master.cf
-      # Enable PROXY Protocol support (different setting as port 25 is handled via postscreen), optionally configure a `syslog_name` to distinguish in logs:
-      postconf -P 12525/inet/postscreen_upstream_proxy_protocol=haproxy 12525/inet/postscreen_cache_map=proxy:btree:\$data_directory/postscreen_12525_cache 12525/inet/syslog_name=postfix/smtpd-proxyprotocol
+      # Enable PROXY Protocol support:
+      # - Uses a different setting as port 25 is handled via the postscreen service
+      # - Optionally configure a `syslog_name` to distinguish in logs:
+      postconf -P \
+        12525/inet/postscreen_upstream_proxy_protocol=haproxy \
+        12525/inet/syslog_name=postfix/smtpd-proxyprotocol
+
+      # Add the `proxy:` prefix to share this cache between each running postscreen service via `proxymap`:
+      postconf 'postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache'
       {{- end }}
 
 ## The secrets key works the same way as the configs key. Use secrets to store sensitive information,
