Hello,
firstly, I am aware that SMTPS is deprecated and should not be used. But
I have to support legacy infrastructure and the person who can tell me
that it is fine to turn off SMTPS isn't around atm, so I'm trying to
make this work.
I have a postfix server with SMTPS, this is the master.cf configuration:
10464 inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_upstream_proxy_protocol=haproxy
This is the haproxy configuration:
frontend ft_smtps
    bind 0.0.0.0 ssl crt haproxy.combined.key.pem
    timeout client 1m
    log global
    option tcplog
    default_backend bk_postfix_smtps

backend bk_postfix_smtps
    option smtpchk HELO localhost
    log global
    option tcplog
    timeout server 1m
    timeout connect 5s
    server mailbackend mail:10464 ssl verify none send-proxy check
I get this message from haproxy:
Aug 28 12:15:53 haproxy haproxy[1962]: message repeated 3 times: [
Server bk_postfix_smtps/mailbackend is DOWN, reason: Layer6 timeout,
check duration: 2001ms. 0 active and 0 backup servers left. 0 sessions
active, 0 requeued, 0 remaining in queue.]
And this from the postfix:
Aug 28 12:15:51 mail postfix-from-user/smtpd[16561]: connect from
haproxy[XXX.XXX.42.4]
Aug 28 12:15:53 mail postfix-from-user/smtpd[16561]: SSL_accept error
from haproxy[XXX.XXX.42.4]: Connection reset by peer
Aug 28 12:15:53 mail postfix-from-user/smtpd[16561]: lost connection
after CONNECT from haproxy[XXX.XXX.42.4]
Any idea?
I've also tried setting it up without ssl termination, which doesn't
work - I am assuming the PROXY protocol can't work without termination.
Best
Luke