Hi,
On 04.09.2015 11:01, Lukas Erlacher wrote: > Hi, > > using your configuration gives me this warnung: > > [WARNING] 246/103726 (16071) : [/usr/sbin/haproxy.main()] FD limit > (85535) too low for maxconn=65000/maxsock=130032. Please raise > 'ulimit-n' to 130032 or more to avoid any trouble. Just adapt -- maxconn 65000 ulimit-n 85535 -- to your favorite values and you're fine. > > Other than that it makes no difference. > I think the problem is the entry in /etc/postfix/master.cf > I think I'm going to just emulate SMTPS by terminating SSL in haproxy > and forwarding it to port 25... but then you need tproxy i think to preserve the client ip > > Best, > Luke > >> >> Well I created a very simple config. >> >> /etc/haproxy.cfg >> global >> maxconn 65000 >> ulimit-n 85535 >> uid 0 >> gid 0 >> daemon >> stats socket /var/run/haproxy.stat level admin >> >> nbproc 1 >> >> cpu-map all 1 2 >> ssl-server-verify none >> >> tune.ssl.default-dh-param 2048 >> >> defaults >> mode tcp >> no option http-server-close >> timeout connect 5000 >> timeout client 50000 >> timeout server 50000 >> >> listen app1 >> bind :8080 >> mode http >> stats enable >> stats uri / >> maxconn 200 >> >> >> frontend ft_smtps >> bind :465 >> timeout client 1m >> default_backend bk_postfix_smtps >> >> backend bk_postfix_smtps >> option tcp-check >> timeout server 1m >> timeout connect 5s >> server mail-1 172.1.1.21:10464 send-proxy check >> >> /etc/postfix/master.cf on 172.1.1.21 >> 10464 inet n - n - - smtpd >> -o smtpd_tls_wrappermode=yes >> -o smtpd_sasl_auth_enable=yes >> -o smtpd_client_restrictions=permit_sasl_authenticated,reject >> -o smtpd_upstream_proxy_protocol=haproxy >> >> >> Would you mind trying ? >> >> 10464 inet n - n - - smtpd >> >> instead of >> >> 10464 inet n - - - - smtpd >> >> For haproxy... >> >> The only differnce is that you use chroot and user haproxy.. Cou,ld you >> please try with the default and global section in the minimal example? >> >> >> cheers >> thomas >> >> >