Hi viet Your last chance is to capturethe check with tcpdump and send it back to me. Might be a bug, either in Haproxy or postfix.
Baptiste Le 28 mai 2013 09:12, "Viet Hoang" <[email protected]> a écrit : > Hi Baptiste, > > My banner is normal indeed. > > I have checked with telnet and HAProxy without Proxy Protocol. > > Telnet directly: > > root@postfix01:~/postfix-2.10.0# telnet X.X.X.X 25 > Trying X.X.X.X... > Connected to X.X.X.X. > Escape character is '^]'. > 220 mail.mydomain.com ESMTP Postfix (Ubuntu) > > Connect via HAProxy without Proxy Protocol: > > 220 mail.mydomain.com ESMTP Postfix (Ubuntu) > > Viet > > On 05/28/2013 01:30 PM, Baptiste wrote: > > Hi Vit, > > You're right about HAProxy's smtp check. > Furthermore, here is what the SMTP RFC says: > "Formally, a reply is defined to be the sequence: a three-digit code, > <SP>, one line of text, and <CRLF>" > > Your welcome banner doesn't follow the RFC. There may be some options in > Postfix to set to change this behavior. > > Baptiste > > > > > On Tue, May 28, 2013 at 5:54 AM, Vit Dua <[email protected]> wrote: > >> Hi, >> >> There is an option in HAProxy 1.5 doc: >> >> >> http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#check-send-proxy >> >> And this thread: >> >> http://comments.gmane.org/gmane.comp.web.haproxy/11551 >> >> I have set in HAProxy config: >> >> server postfix01 X.X.X.X:10000 check check-send-proxy send-proxy >> >> and double-check Postfix's main.cf file: >> >> postscreen_upstream_proxy_protocol = haproxy >> >> but there is still that error: >> >> May 28 10:47:17 localhost haproxy[9495]: Server ft_postfix/postfix01 >> is DOWN, reason: Layer7 invalid response, info: "220-mail.mydomain.comESMTP >> Postfix (Ubuntu)", check duration: 1ms. 0 active and 0 backup servers >> left. 0 sessions active, 0 requeued, 0 remaining in queue. >> May 28 10:47:17 localhost haproxy[9495]: proxy ft_postfix has no server >> available! >> >> >> I have a look at HAProxy source code and see that it checks if the server >> speaks <digit><digit><digit><space> (not sure). >> >> I have to choose tcp check instead. It works normally. >> >> Viet >> >> >> On 05/28/2013 12:02 AM, Tom Lanyon wrote: >> >> On 27/05/2013, at 5:04 PM, Vit Dua <[email protected]> <[email protected]> >> wrote: >> >> I have used proxy protocol for SMTP >> >> <snip> >> >> It worked successfully. >> >> I wanted to do smtpchk so that I added to the config: >> >> server postfix01 X.X.X.X:10000 send-proxy check >> >> <snip> >> >> I am running haproxy-1.5_dev18 in front of Postfix 2.10.0 SMTP servers using >> the PROXY protocol. >> >> As far as I could see in the 1.5_dev18 code, the smtpchk option does not >> send the appropriate PROXY protocol chatter during the health check when >> send-proxy is enabled. I tried to patch this but couldn't see an easy way >> to do so with the current health check code (I can't remember the details >> right now). >> >> The two options I came up with were: >> >> 1. fallback to TCP checking >> 2. perform the SMTP check some other way >> >> We are now doing #2 and are doing the SMTP check (without the PROXY >> protocol) to a different set of listen ports on the Postfix servers. >> >> Here's the relevant parts of our config: >> >> postfix master.cf: >> # Regular SMTP (no PROXY) on port 'smtp' (TCP 25) >> smtp inet n - n - - smtpd >> # A custom service which expects haproxy's PROXY protocol on >> non-standard port 9025 >> 9025 inet n - n - - smtpd -o >> smtpd_upstream_proxy_protocol=haproxy >> >> haproxy.cfg: >> frontend f-smtp >> bind ....:25 >> mode tcp >> timeout client 1m >> default_backend b-smtp >> >> backend b-smtp >> mode tcp >> option smtpchk >> timeout server 1m >> # note: data port 9025 (w/PROXY); smtpchk port 25 (no PROXY). >> server smtp1 <ip>:9025 send-proxy check port 25 >> server smtp2 <ip>:9025 send-proxy check port 25 >> server smtp3 <ip>:9025 send-proxy check port 25 >> >> Tom >> >> >> >> > >
