Hi, On 13.10.2015 17:28, Michael JOIGNY wrote: > Hi Everyone, > > I wouldlike to set up a postfix-dovecot with HA using HAproxy but im > facing issues. > > I've followed this documentation : > > http://wiki2.dovecot.org/HAProxy (pour dovecot) > > http://blog.haproxy.com/2012/06/30/efficient-smtp-relay-infrastructure-with-postfix-and-load-balancers/ > (pour postfix) > > Package's version : > > dovecot : 2:2.2.19 (>= 2.2.19 pour proxy protocol) > haproxy : 1.5.14 > postfix : 2.11.2-1 (>2.10 pour postscreen) > > A part of my configuration : > > ##HAPROXY > #postfix > listen smtp > bind mail.xx.xx:465 > balance roundrobin > timeout client 1m > timeout connect 5s > no option http-server-close > mode tcp > option smtpchk > option tcplog > server tst tst.xxx:10465 send-proxy > server tst2 tst2.xxx:10465 send-proxy > server tst3 tst3.xxx:10465 send-proxy >
you cant use port 465, please use port 25. The SMTPS is ancient and not support via proxy protocol. Iam refering to your listen port. -- listen smtp bind mail.xx.xx:25 .. server tst tst.xxx:10465 send-proxy -- > #dovecot > listen imap > bind mail.xxx.xx:993 > timeout client 1m > no option http-server-close > balance leastconn > stick store-request src > stick-table type ip size 200k expire 30m > mode tcp > option tcplog > server tst tst.xxx:10993 send-proxy-v2 > server tst2tst2.xxx:10993 send-proxy-v2 > server tst3 tst3.xxx:10993 send-proxy-v2 > > ##POSTFIX > > postix main.cf > #Haproxy proxy protocol > postscreen_upstream_proxy_protocol = haproxy > > postfix master.cf > #haproxy > 10465 inet n – n – 1 postscreen > smtpd pass – – n – – smtpd > S > > ##DOVECOT > > haproxy_timeout = 5 secs > haproxy_trusted_networks = x.x.x.x > inet_listener imap_haproxy { > haproxy = yes > port = 10993 > } > here you are missing the ssl=yes keyword. -- conf.d/10-master.conf - haproxy_trusted_networks = x.x.x.x service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } inet_listener imap_haproxy { port = 10143 haproxy = yes } inet_listener imaps_haproxy { port = 10993 ssl = yes haproxy = yes } -- > With my mail client : > > With an IMAP connection, logs below, i don't understand why my login is > empty ... > > dovecot: imap-login: Disconnected: Too many invalid commands (no auth > attempts in 0 secs): *user=<>*, rip=mon_ip_publique, > lip=ip_publique_haproxy, session= xxx > > With a SMTP connection, logs below, i have a timeout. > > postfix/postscreen[16654]: CONNECT from [my public ip]:49942 to [my > haproxy public ip]:465 > postfix/postscreen[16654]: PREGREET 166 after 0 from [mon ip > publique]:49942: > \22\3\1\161\1\157\3\3+0E\b\213\131\177\173>\r/\213\177i\223k”FjA#\144\145\153\vP\\\155HL\190 > it seems postscreen does not understand the proxy protocol. > If someone could help me, thanks. > > Kind regards. > -- cheers thomas