Le 28 avr. 2015 06:25, "iain" <expat.i...@gmail.com> a écrit : > > I have a working configuration for a couple of MTAs listening on TCP/25. > The layer 7 health checks work just fine with: > > ---CUT--->8---CUT--- > listen MTA > bind xx.xx.xx.xx:25 > bind XX:XX:XX:XX::XXXX:25 > mode tcp > option tcpka > option tcplog > option smtpchk HELO lb1.example.org > no option http-server-close > log global > balance leastconn > server MTA1 xx.xx.xx.xx:25 check-send-proxy send-proxy check > server MTA2 xx.xx.xx.xx:25 check-send-proxy send-proxy check > ---CUT--->8---CUT--- > > In addition to this, I also have the same servers listening on TCP/465 > for SSL authenticated connections, with layer 7 health checks being > performed on the TCP/25 port: > > ---CUT--->8---CUT--- > listen MTASSL > bind xx.xx.xx.xx:465 > bind XX:XX:XX:XX::XX:465 > mode tcp > option tcpka > option tcplog > option smtpchk HELO lb1.net.tain.com > no option http-server-close > log global > balance leastconn > server MTA1 xx.xx.xx.xx:465 port 25 check-send-proxy send-proxy check > server MTA2 xx.xx.xx.xx:465 port 25 check-send-proxy send-proxy check > ---CUT--->8---CUT--- > > The problem I am finding is that connections on the SSL side do not > cleanly complete. Can someone show me exactly where I am making an error > in here? > >
Hi, You need to enable the check-ssl on the server line. In your case haproxy sends a check in clear, while the server expects a ciphered connexion. Baptiste