Hi,

Thanks for your quick answer, Thomas!

SMTP and IMAP work now, but I would like to use SSL TLS on both, and it's OK only with IMAP:

 * port 993
 * encrypted password
 * security SSL TLS


How can I use SSL TLS with SMTP in my Thunderbird settings? It only works with:

 * port 25
 * encrypted password
 * security : none

Do you have an idea?

Kind regards!


On 14/10/2015 13:25, Thomas Heil wrote:
Hi,

On 13.10.2015 17:28, Michael JOIGNY wrote:
Hi Everyone,

I would like to set up postfix-dovecot with HA using HAProxy, but I'm
facing issues.

I've followed this documentation:

     http://wiki2.dovecot.org/HAProxy (for dovecot)
     http://blog.haproxy.com/2012/06/30/efficient-smtp-relay-infrastructure-with-postfix-and-load-balancers/ (for postfix)

Package versions:

     dovecot : 2:2.2.19 (>= 2.2.19 for proxy protocol)
     haproxy : 1.5.14
     postfix : 2.11.2-1 (>2.10 for postscreen)

A part of my configuration:

##HAPROXY
#postfix
listen smtp
bind mail.xx.xx:465
balance roundrobin
timeout client 1m
timeout connect 5s
no option http-server-close
mode tcp
option smtpchk
option tcplog
server tst tst.xxx:10465 send-proxy
server tst2 tst2.xxx:10465 send-proxy
server tst3 tst3.xxx:10465 send-proxy

You can't use port 465, please use port 25. SMTPS is ancient and not
supported via proxy protocol. I am referring to your listen port.

--
  listen smtp
bind mail.xx.xx:25
..
  server tst tst.xxx:10465 send-proxy
--

#dovecot
listen imap
bind mail.xxx.xx:993
timeout client 1m
no option http-server-close
balance leastconn
stick store-request src
stick-table type ip size 200k expire 30m
mode tcp
option tcplog
server tst tst.xxx:10993 send-proxy-v2
server tst2 tst2.xxx:10993 send-proxy-v2
server tst3 tst3.xxx:10993 send-proxy-v2

##POSTFIX

postfix main.cf
#Haproxy proxy protocol
postscreen_upstream_proxy_protocol = haproxy

postfix master.cf
#haproxy
10465 inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
S

##DOVECOT

haproxy_timeout = 5 secs
haproxy_trusted_networks = x.x.x.x
inet_listener imap_haproxy {
     haproxy = yes
     port = 10993
   }
Here you are missing the ssl=yes keyword.

--
conf.d/10-master.conf
-
haproxy_trusted_networks = x.x.x.x

service imap-login {
   inet_listener imap {
     port = 143
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
   inet_listener imap_haproxy {
     port = 10143
     haproxy = yes
   }
   inet_listener imaps_haproxy {
     port = 10993
     ssl = yes
     haproxy = yes
   }
}

--

With my mail client:

With an IMAP connection, logs below, I don't understand why my login is
empty ...

dovecot: imap-login: Disconnected: Too many invalid commands (no auth
attempts in 0 secs): *user=<>*, rip=mon_ip_publique,
lip=ip_publique_haproxy, session= xxx

With an SMTP connection, logs below, I have a timeout.

postfix/postscreen[16654]: CONNECT from [my public ip]:49942 to [my
haproxy public ip]:465
postfix/postscreen[16654]: PREGREET 166 after 0 from [mon ip
publique]:49942:
\22\3\1\161\1\157\3\3+0E\b\213\131\177\173>\r/\213\177i\223k”FjA#\144\145\153\vP\\\155HL\190

It seems postscreen does not understand the proxy protocol.

If someone could help me, thanks.

Kind regards.
--
cheers
thomas
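
One way to check what a postscreen `PREGREET` payload like the one logged above actually contains, added here as an example and not part of the original thread. It assumes the `\NNN` escapes in the log are decimal byte values (so the leading `\22\3\1` reads as 0x16 0x03 0x01); `decode_escapes` and `classify_pregreet` are hypothetical helper names, and the sample lines are constructed with documentation-range addresses.

```python
import re

# Assumption: postscreen logs non-printable bytes as \<decimal> or C-style escapes.
C_ESCAPES = {"a": 7, "b": 8, "t": 9, "n": 10, "v": 11, "f": 12, "r": 13, "\\": 92}
TOKEN = re.compile(r"\\([0-9]{1,3}|[abtnvfr\\])|(.)", re.S)
LINE = re.compile(r"PREGREET (\d+) after \S+ from \[([^\]]*)\]:\d+: (.*)", re.S)
PROXY_V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY protocol v2 signature

def decode_escapes(text):
    """Turn the escaped payload text from the log back into raw bytes."""
    out = bytearray()
    for esc, literal in TOKEN.findall(text):
        if literal:
            out += literal.encode("latin-1", "replace")
        elif esc in C_ESCAPES:
            out.append(C_ESCAPES[esc])
        else:
            out.append(int(esc) % 256)
    return bytes(out)

def classify_pregreet(line):
    """Return what the client sent before the SMTP greeting, or None if no match."""
    m = LINE.search(line)
    if not m:
        return None
    data = decode_escapes(m.group(3))
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        kind = "tls-handshake"      # TLS record: type 22 (handshake), version 3.x
    elif data.startswith((b"PROXY ", PROXY_V2_SIG)):
        kind = "proxy-protocol-header"
    elif data[:4].upper() in (b"EHLO", b"HELO"):
        kind = "smtp-command"       # plain SMTP client that talked too early
    else:
        kind = "unknown"
    return {"declared_len": int(m.group(1)), "client": m.group(2),
            "kind": kind, "head": data[:3].hex()}

# Constructed sample lines; addresses are documentation-range placeholders.
SAMPLES = [
    r"postfix/postscreen[16654]: PREGREET 166 after 0 from [192.0.2.10]:49942: \22\3\1\161\1\157\3\3+0E\b\213",
    r"postfix/postscreen[16654]: PREGREET 8 after 0.01 from [192.0.2.11]:50000: EHLO x\r\n",
    r"postfix/postscreen[16654]: PREGREET 47 after 0 from [192.0.2.12]:50001: PROXY TCP4 192.0.2.12 198.51.100.5 40000 25\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_pregreet(sample))
```

A `tls-handshake` result means the client opened the connection with a TLS handshake before any SMTP greeting was exchanged.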

