Hi Vit, You're right about HAProxy's smtp check. Furthermore, here is what the SMTP RFC says: "Formally, a reply is defined to be the sequence: a three-digit code, <SP>, one line of text, and <CRLF>"
Your welcome banner doesn't follow the RFC. There may be some options in Postfix to set to change this behavior. Baptiste On Tue, May 28, 2013 at 5:54 AM, Vit Dua <[email protected]> wrote: > Hi, > > There is an option in HAProxy 1.5 doc: > > > http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#check-send-proxy > > And this thread: > > http://comments.gmane.org/gmane.comp.web.haproxy/11551 > > I have set in HAProxy config: > > server postfix01 X.X.X.X:10000 check check-send-proxy send-proxy > > and double-check Postfix's main.cf file: > > postscreen_upstream_proxy_protocol = haproxy > > but there is still that error: > > May 28 10:47:17 localhost haproxy[9495]: Server ft_postfix/postfix01 is > DOWN, reason: Layer7 invalid response, info: "220-mail.mydomain.com ESMTP > Postfix (Ubuntu)", check duration: 1ms. 0 active and 0 backup servers left. > 0 sessions active, 0 requeued, 0 remaining in queue. > May 28 10:47:17 localhost haproxy[9495]: proxy ft_postfix has no server > available! > > > I have a look at HAProxy source code and see that it checks if the server > speaks <digit><digit><digit><space> (not sure). > > I have to choose tcp check instead. It works normally. > > Viet > > > On 05/28/2013 12:02 AM, Tom Lanyon wrote: > > On 27/05/2013, at 5:04 PM, Vit Dua <[email protected]> <[email protected]> > wrote: > > I have used proxy protocol for SMTP > > <snip> > > It worked successfully. > > I wanted to do smtpchk so that I added to the config: > > server postfix01 X.X.X.X:10000 send-proxy check > > <snip> > > I am running haproxy-1.5_dev18 in front of Postfix 2.10.0 SMTP servers using > the PROXY protocol. > > As far as I could see in the 1.5_dev18 code, the smtpchk option does not send > the appropriate PROXY protocol chatter during the health check when > send-proxy is enabled. I tried to patch this but couldn't see an easy way to > do so with the current health check code (I can't remember the details right > now). > > The two options I came up with were: > > 1. fallback to TCP checking > 2. perform the SMTP check some other way > > We are now doing #2 and are doing the SMTP check (without the PROXY protocol) > to a different set of listen ports on the Postfix servers. > > Here's the relevant parts of our config: > > postfix master.cf: > # Regular SMTP (no PROXY) on port 'smtp' (TCP 25) > smtp inet n - n - - smtpd > # A custom service which expects haproxy's PROXY protocol on > non-standard port 9025 > 9025 inet n - n - - smtpd -o > smtpd_upstream_proxy_protocol=haproxy > > haproxy.cfg: > frontend f-smtp > bind ....:25 > mode tcp > timeout client 1m > default_backend b-smtp > > backend b-smtp > mode tcp > option smtpchk > timeout server 1m > # note: data port 9025 (w/PROXY); smtpchk port 25 (no PROXY). > server smtp1 <ip>:9025 send-proxy check port 25 > server smtp2 <ip>:9025 send-proxy check port 25 > server smtp3 <ip>:9025 send-proxy check port 25 > > Tom > > > >
