Edgaras Luko?evi?ius:
[ Charset windows-1252 converted... ]
> Hello,
>
> is it possible to configure configure haproxy to work with postfix sasl and
> dovecot auth like this:
>
> clients -> 25:postfix -> 20025:haproxy -> 20025:auth-backend-1,
> 20025:auth-backend-2
What Postfix documentation promises that this will work?
Wietse
> The configuration I have now gives me this error when haproxy change backend
> server, and when server is changed back to primary I am able to login
> successfully again:
> 535 5.7.8 Error: authentication failed: Connection lost to authentication
> server
>
> Postfix sasl don?t establish new connection to auth service every time new
> auth request arrives (keeps connection open), but haproxy change servers
> while session is still active.
>
> Note that haproxy is between postfix and dovecot and is not facing clients
> directly, so there is no way to keep persistent connections by client ip.
>
> # VERSIONs
>
> POSTFIX: mail_version = 2.10.1
> DOVECOT: 2.2.10
>
>
> # POSTFIX
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_exceptions_networks =
> smtpd_sasl_local_domain =
> smtpd_sasl_path = inet:127.0.0.1:20025 <? HAProxy
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
> smtpd_sasl_type = dovecot
>
>
> # HAPROX
> frontend postfix-sasl
> bind 127.0.0.1:20025
> default_backend dovecot-auth
>
> backend dovecot-auth
> mode tcp
> option tcplog
> option srvtcpka
> hash-type consistent
>
> balance roundrobin
> server mail-backend-1 31.220.19.52:20025 check
> server mail-backend-2 31.220.19.53:20025 check
