HAProxy community

HAProxy - Email - Preserve Client IP

So we are using HAProxy to replace Microsoft Network Load Balancer in our email environment.

All functionality is working but I am seeing the LB IP as the source address for all incoming emails. I’ve been searching the internet for answers but I came here for some direction.

Setup -

I have frontends for ports 25,80,443,110,143,465,587,993,995

bind name
mode tcp
log global
timeout client 30000

That is tied to backends created for each of the above frontends.

mode tcp
id 105
log global
option log-health-checks
stick-table type ip size 100m expire 1d
stick on src
balance roundrobin
timeout connect 30000
timeout server 30000
retries 3
server Mail_1 id 101 check inter 1000
server Mail_2 id 102 check inter 1000
server Mail_3 id 103 check inter 1000

So what do I need to change to preserve client IPs?

I’ve seen that I should use one of the following options

option forwardfor
source usesrc clientip

But I’m not finding config examples for this nor am I seeing the best reason for one over the other.


For SMTP traffic your only options are the PROXY protocol and reusing the client IP address for backend connections.
PROXY protocol only works if your SMTP service supports it. Reusing the client IP address for backend connections requires that your load balancer is on the default path when the server replies to the client IP address.

Can you provide the config changes that are needed on top of setting the gateway for my mail servers to be the HAProxy server?

in this case

Each will have a gateway of

And then I’m guessing my server lines change to apply the send-proxy command

server Mail_1 id 101 send-proxy check inter 1000
server Mail_2 id 102 send-proxy check inter 1000
server Mail_3 id 103 send-proxy check inter 1000

Is that correct and do I need to do anything else?

Either you use the PROXY protocol or you reuse the client IP.
For the former, send-proxy on server lines is enough. For the latter you use the source keyword on server lines or in the backend, some netfilter rules, and some ip rules. You can find an example here: https://www.haproxy.com/blog/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/
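
The PROXY protocol option discussed above, seen from the receiving side: with send-proxy, HAProxy prepends one PROXY protocol version 1 text line to each backend connection, and a mail service that supports it has to parse that line and accept it only from the load balancer. This is an added Python example, not code from the thread or from HAProxy; the function name, the trusted-address set and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
TRUSTED_LBS = {"192.0.2.10"}   # assumed address of the HAProxy host
MAX_V1_HEADER = 107            # longest v1 header including CRLF, per the PROXY protocol spec
# Constructed: the first bytes a backend receives on a connection relayed with send-proxy.
SAMPLE = b"PROXY TCP4 198.51.100.7 192.0.2.21 51234 25\r\n"


def parse_proxy_v1(data: bytes, peer_ip: str, trusted=TRUSTED_LBS):
    """Return (client_ip, client_port, remaining_bytes) for one new connection.

    peer_ip is the TCP source address the mail server sees, which is the
    load balancer when HAProxy sits in front. client_ip and client_port are
    None when the header is 'PROXY UNKNOWN'.
    """
    if peer_ip not in trusted:
        # A header from any other peer could carry a forged client address.
        raise PermissionError(f"PROXY header from untrusted peer {peer_ip}")
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or overlong PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]          # everything after the header is the SMTP session
    if fields[1] == "UNKNOWN":
        return None, None, rest
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    src = ipaddress.ip_address(fields[2])
    ipaddress.ip_address(fields[3])  # the destination address must parse as well
    sport, dport = int(fields[4]), int(fields[5])
    if (src.version == 4) != (fields[1] == "TCP4"):
        raise ValueError("address family does not match protocol field")
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return str(src), sport, rest


if __name__ == "__main__":
    print(parse_proxy_v1(SAMPLE, "192.0.2.10"))
```
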