Re: smtpchk when using proxy protocol

Mon, 27 May 2013 20:55:24 -0700 

Hi,

There is an option in HAProxy 1.5 doc:

http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#check-send-proxy

And this thread:

http://comments.gmane.org/gmane.comp.web.haproxy/11551

I have set in HAProxy config:

server postfix01 X.X.X.X:10000 check check-send-proxy send-proxy


and double-check Postfix's main.cf file:

postscreen_upstream_proxy_protocol = haproxy


but there is still that error:
May 28 10:47:17 localhost haproxy[9495]: Server ft_postfix/postfix01 is DOWN, reason: Layer7 invalid response, info: "220-mail.mydomain.com ESMTP Postfix (Ubuntu)", check duration: 1ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue. May 28 10:47:17 localhost haproxy[9495]: proxy ft_postfix has no server available!
I have a look at HAProxy source code and see that it checks if the server speaks <digit><digit><digit><space> (not sure). 

I have to choose tcp check instead. It works normally.

Viet

On 05/28/2013 12:02 AM, Tom Lanyon wrote:

On 27/05/2013, at 5:04 PM, Vit Dua <[email protected]> wrote:

I have used proxy protocol for SMTP

<snip>

It worked successfully.

I wanted to do smtpchk so that I added to the config:

server postfix01 X.X.X.X:10000 send-proxy check

<snip>

I am running haproxy-1.5_dev18 in front of Postfix 2.10.0 SMTP servers using 
the PROXY protocol.

As far as I could see in the 1.5_dev18 code, the smtpchk option does not send 
the appropriate PROXY protocol chatter during the health check when send-proxy 
is enabled.  I tried to patch this but couldn't see an easy way to do so with 
the current health check code (I can't remember the details right now).

The two options I came up with were:

        1. fallback to TCP checking
        2. perform the SMTP check some other way

We are now doing #2 and are doing the SMTP check (without the PROXY protocol) 
to a different set of listen ports on the Postfix servers.

Here's the relevant parts of our config:

postfix master.cf:
        # Regular SMTP (no PROXY) on port 'smtp' (TCP 25)
        smtp      inet  n       -       n       -       -       smtpd
        # A custom service which expects haproxy's PROXY protocol on 
non-standard port 9025
        9025      inet  n       -       n       -       -       smtpd -o 
smtpd_upstream_proxy_protocol=haproxy

haproxy.cfg:
        frontend f-smtp
                bind ....:25
                mode tcp
                timeout client 1m
                default_backend b-smtp

        backend b-smtp
                mode tcp
                option smtpchk
                timeout server 1m
                # note: data port 9025 (w/PROXY); smtpchk port 25 (no PROXY).
                server smtp1 <ip>:9025 send-proxy check port 25
                server smtp2 <ip>:9025 send-proxy check port 25
                server smtp3 <ip>:9025 send-proxy check port 25

Tom

Reply via email to