Hi Baptiste,

My banner is normal indeed.

I have checked with telnet and HAProxy without Proxy Protocol.

Telnet directly:

root@postfix01:~/postfix-2.10.0# telnet X.X.X.X 25
Trying X.X.X.X...
Connected to X.X.X.X.
Escape character is '^]'.
220 mail.mydomain.com ESMTP Postfix (Ubuntu)


Connect via HAProxy without Proxy Protocol:

220 mail.mydomain.com ESMTP Postfix (Ubuntu)


Viet

On 05/28/2013 01:30 PM, Baptiste wrote:
Hi Vit,

You're right about HAProxy's smtp check.
Furthermore, here is what the SMTP RFC says:
"Formally, a reply is defined to be the sequence: a three-digit code, <SP>, one line of text, and <CRLF>"

Your welcome banner doesn't follow the RFC. There may be some options in Postfix to set to change this behavior.

Baptiste




On Tue, May 28, 2013 at 5:54 AM, Vit Dua <vit...@gmail.com> wrote:

    Hi,

    There is an option in HAProxy 1.5 doc:

    
    http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#check-send-proxy

    And this thread:

    http://comments.gmane.org/gmane.comp.web.haproxy/11551

    I have set in HAProxy config:

    server postfix01 X.X.X.X:10000 check check-send-proxy send-proxy


    and double-checked Postfix's main.cf file:

    postscreen_upstream_proxy_protocol = haproxy


    but there is still that error:

    May 28 10:47:17 localhost haproxy[9495]: Server ft_postfix/postfix01 is DOWN, reason: Layer7 invalid response, info: "220-mail.mydomain.com ESMTP Postfix (Ubuntu)", check duration: 1ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
    May 28 10:47:17 localhost haproxy[9495]: proxy ft_postfix has no server available!


    I had a look at the HAProxy source code and saw that it checks whether
    the server speaks <digit><digit><digit><space> (not sure).

    I had to choose the TCP check instead. It works normally.

    Viet


    On 05/28/2013 12:02 AM, Tom Lanyon wrote:
    On 27/05/2013, at 5:04 PM, Vit Dua <vit...@gmail.com> wrote:
    I have used proxy protocol for SMTP
    <snip>
    It worked successfully.

    I wanted to do smtpchk so that I added to the config:

    server postfix01 X.X.X.X:10000 send-proxy check
    <snip>

    I am running haproxy-1.5_dev18 in front of Postfix 2.10.0 SMTP servers
    using the PROXY protocol.

    As far as I could see in the 1.5_dev18 code, the smtpchk option does not
    send the appropriate PROXY protocol chatter during the health check when
    send-proxy is enabled.  I tried to patch this but couldn't see an easy
    way to do so with the current health check code (I can't remember the
    details right now).

    The two options I came up with were:

        1. fallback to TCP checking
        2. perform the SMTP check some other way

    We are now doing #2 and are doing the SMTP check (without the PROXY
    protocol) to a different set of listen ports on the Postfix servers.

    Here's the relevant parts of our config:

    postfix master.cf:
        # Regular SMTP (no PROXY) on port 'smtp' (TCP 25)
        smtp      inet  n       -       n       -       -       smtpd
        # A custom service which expects haproxy's PROXY protocol on non-standard port 9025
        9025      inet  n       -       n       -       -       smtpd
          -o smtpd_upstream_proxy_protocol=haproxy

    haproxy.cfg:
        frontend f-smtp
                bind ....:25
                mode tcp
                timeout client 1m
                default_backend b-smtp

        backend b-smtp
                mode tcp
                option smtpchk
                timeout server 1m
                # note: data port 9025 (w/PROXY); smtpchk port 25 (no PROXY).
                server smtp1 <ip>:9025 send-proxy check port 25
                server smtp2 <ip>:9025 send-proxy check port 25
                server smtp3 <ip>:9025 send-proxy check port 25

    Tom
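
Added example, not part of the thread and not HAProxy's own code: it contrasts the `<digit><digit><digit><space>` test described above with a reader that also accepts the multi-line reply form defined in RFC 5321, where every line but the last puts a hyphen after the code. The banner bytes are constructed from the strings quoted in the thread; that a final `220 ` line follows the hyphenated one is an assumption.

```python
import re

# Constructed samples built from the banner strings quoted in the thread.
TEXT = b"mail.mydomain.com ESMTP Postfix (Ubuntu)"
PLAIN = b"220 " + TEXT + b"\r\n"        # what telnet to port 25 showed
HYPHEN = b"220-" + TEXT + b"\r\n"       # what the health check logged
# Assumption: a final "220 " line follows the hyphenated one.
MULTILINE = HYPHEN + PLAIN

LINE = re.compile(rb"([0-9]{3})(?:([ -])(.*))?")


def strict_check(data):
    """The <digit><digit><digit><space> test on the first bytes received."""
    return re.match(rb"[0-9]{3} ", data) is not None


def parse_reply(data):
    """Parse one SMTP reply, single- or multi-line.

    Returns (code, texts, complete). complete is False when the final
    "code<SP>" line has not arrived yet, so the caller should keep reading.
    """
    code, texts = None, []
    # Drop the tail after the last CRLF: it is an unterminated partial line.
    for raw in data.split(b"\r\n")[:-1]:
        m = LINE.fullmatch(raw)
        if m is None:
            raise ValueError("malformed reply line: %r" % raw)
        if code is None:
            code = int(m.group(1))
        elif int(m.group(1)) != code:
            raise ValueError("reply code changed inside one reply")
        texts.append((m.group(3) or b"").decode("ascii", "replace"))
        if m.group(2) != b"-":          # space or bare code ends the reply
            return code, texts, True
    return code, texts, False


def banner_ok(data):
    """Health decision: a complete reply whose code is 220."""
    code, _texts, complete = parse_reply(data)
    return complete and code == 220
```

A checker that stops at the first hyphenated line reports the server as down even though the reply is still in progress; reading until the `220 ` line gives the same verdict for both banner forms.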



