Hi,

On 13.10.2015 17:28, Michael JOIGNY wrote:
> Hi Everyone,
> 
> I would like to set up a postfix-dovecot with HA using HAproxy but I'm
> facing issues.
> 
> I've followed this documentation :
> 
>     http://wiki2.dovecot.org/HAProxy (for dovecot)
>    
> http://blog.haproxy.com/2012/06/30/efficient-smtp-relay-infrastructure-with-postfix-and-load-balancers/
> (for postfix)
> 
> Package's version :
> 
>     dovecot : 2:2.2.19 (>= 2.2.19 for proxy protocol)
>     haproxy : 1.5.14
>     postfix : 2.11.2-1 (>2.10 for postscreen)
> 
> A part of my configuration  :
> 
> ##HAPROXY
> #postfix
> listen smtp
> bind mail.xx.xx:465
> balance roundrobin
> timeout client 1m
> timeout connect 5s
> no option http-server-close
> mode tcp
> option smtpchk
> option tcplog
> server tst tst.xxx:10465 send-proxy
> server tst2 tst2.xxx:10465 send-proxy
> server tst3 tst3.xxx:10465 send-proxy
> 

You can't use port 465, please use port 25. SMTPS is ancient and not
supported via proxy protocol. I am referring to your listen port.

--
 listen smtp
bind mail.xx.xx:25
..
 server tst tst.xxx:10465 send-proxy
--

> #dovecot
> listen imap
> bind mail.xxx.xx:993
> timeout client 1m
> no option http-server-close
> balance leastconn
> stick store-request src
> stick-table type ip size 200k expire 30m
> mode tcp
> option tcplog
> server tst tst.xxx:10993 send-proxy-v2
> server tst2 tst2.xxx:10993 send-proxy-v2
> server tst3 tst3.xxx:10993 send-proxy-v2
> 
> ##POSTFIX
> 
> postfix main.cf
> #Haproxy proxy protocol
> postscreen_upstream_proxy_protocol = haproxy
> 
> postfix master.cf
> #haproxy
> 10465 inet n - n - 1 postscreen
> smtpd pass - - n - - smtpd
> S
> 
> ##DOVECOT
> 
> haproxy_timeout = 5 secs
> haproxy_trusted_networks = x.x.x.x
> inet_listener imap_haproxy {
>     haproxy = yes
>     port = 10993
>   }
>  

Here you are missing the ssl=yes keyword.

--
conf.d/10-master.conf
-
haproxy_trusted_networks = x.x.x.x

service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  inet_listener imap_haproxy {
    port = 10143
    haproxy = yes
  }
  inet_listener imaps_haproxy {
    port = 10993
    ssl = yes
    haproxy = yes
  }
}

--

> With my mail client :
> 
> With an IMAP connection, logs below, I don't understand why my login is
> empty ...
> 
> dovecot: imap-login: Disconnected: Too many invalid commands (no auth
> attempts in 0 secs): *user=<>*, rip=mon_ip_publique,
> lip=ip_publique_haproxy, session= xxx
> 
> With an SMTP connection, logs below, I have a timeout.
> 
> postfix/postscreen[16654]: CONNECT from [my public ip]:49942 to [my
> haproxy public ip]:465
> postfix/postscreen[16654]: PREGREET 166 after 0 from [mon ip
> publique]:49942:
> \22\3\1\161\1\157\3\3+0E\b\213\131\177\173>\r/\213\177i\223k”FjA#\144\145\153\vP\\\155HL\190
> 

It seems postscreen does not understand the proxy protocol.

> If someone could help me, thanks.
> 
> Kind regards.
> -- 

cheers
thomas
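
Added example (not part of the original thread, and not haproxy, Postfix or Dovecot code): with `mode tcp` and `send-proxy` / `send-proxy-v2`, haproxy prepends a PROXY protocol header and passes the client's bytes through unchanged, so a backend listener behind a TLS-wrapped port receives the header followed by a TLS ClientHello. The sketch peels a v1 or v2 header and names what follows; the function names and the sample data (documentation address ranges) are constructed for illustration.

```python
import socket
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY v2 signature

def peel_proxy_header(data: bytes):
    """Return (version, (src_ip, src_port) or None, remaining bytes)."""
    if data.startswith(b"PROXY "):                    # v1: one ASCII line
        line, sep, rest = data.partition(b"\r\n")
        if not sep or len(line) + 2 > 107:            # v1 header is at most 107 bytes
            raise ValueError("malformed PROXY v1 header")
        fields = line.decode("ascii").split(" ")
        if fields[1] == "UNKNOWN":                    # proxy could not name the client
            return 1, None, rest
        if len(fields) != 6:                          # PROXY proto src dst sport dport
            raise ValueError("malformed PROXY v1 header")
        return 1, (fields[2], int(fields[4])), rest
    if data.startswith(V2_SIG):                       # v2: binary header
        if len(data) < 16:
            raise ValueError("truncated PROXY v2 header")
        ver_cmd, fam, length = struct.unpack("!BBH", data[12:16])
        if ver_cmd >> 4 != 2 or len(data) < 16 + length:
            raise ValueError("malformed PROXY v2 header")
        body, rest = data[16:16 + length], data[16 + length:]
        src = None
        if ver_cmd & 0x0F == 1 and fam == 0x11 and length >= 12:  # PROXY cmd, TCP/IPv4
            src = (socket.inet_ntoa(body[0:4]), struct.unpack("!H", body[8:10])[0])
        return 2, src, rest
    return None, None, data                           # no PROXY header at all

def classify_payload(rest: bytes) -> str:
    """Name the first application bytes that follow the PROXY header."""
    # TLS record: type 0x16 (handshake), major version 3, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    if len(rest) >= 6 and rest[0] == 0x16 and rest[1] == 0x03 and rest[5] == 0x01:
        return "tls-client-hello"
    return "plaintext-or-unknown"

def inspect(data: bytes):
    version, src, rest = peel_proxy_header(data)
    return version, src, classify_payload(rest)

# Constructed samples: first bytes of a TLS ClientHello record, behind v1 and v2 headers.
HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0xA1, 0x01, 0x00, 0x00, 0x9D, 0x03, 0x03])
V1 = b"PROXY TCP4 192.0.2.10 198.51.100.5 49942 465\r\n" + HELLO
V2 = (V2_SIG + struct.pack("!BBH", 0x21, 0x11, 12)
      + socket.inet_aton("192.0.2.10") + socket.inet_aton("198.51.100.5")
      + struct.pack("!HH", 49942, 993) + HELLO)
```

A listener that parses the PROXY header but is not configured for TLS would treat the `tls-client-hello` bytes as protocol commands, which is why the Dovecot listener on 10993 needs both `haproxy = yes` and `ssl = yes`.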
