Hi Simon,

On Wed, Jun 25, 2014 at 01:27:51PM +0900, Simon Horman wrote:
(...)
> > We had such an idea in the past, however the principle was to use the
> > address of a smart relay host. We cannot use a command because the process
> > is supposed to be chrooted.
> 
> Thanks, if that is the direction you wish to take things then I'm happy to
> do so. I guess a simple SMTP client is not an insurmountable challenge. But
> I wonder if there is any infrastructure in haproxy that might make such an
> implementation easier. If so, could you point me at it?

Yes, please look at two things :
  - tcp-check
  - peers

tcp-checks can already be used to send complete e-mails, they act on steps,
are woken up every time something changes, etc... And since you've worked
with health checks, it's probably an area you'll be more familiar with.

Peers are made of a client that gets woken up by other tasks to send their
contents to the other side. Look at src/stick_table.c:stktable_touch() and
at its call from src/session.c:process_store_rules() to get an idea. I think
your use case is very close to these two above combined.

> > Also, in my opinion the SMTP relay should be
> > per section (ie: supported in the defaults section) because in shared
> > environments, customers want to use a different gateway and e-mail
> > settings.
> 
> Yes, I agree that sounds like a good idea.
> 
> > In fact in the ALOHA we have implemented a daemon which watches
> > the unix socket to send e-mails because by then it was too much work to
> > implement it natively. Now it should be much simpler.
> 
> I'm glad to hear it will be simpler though I'm not sure that I understand
> why this is so.

Because we wanted to do this at times of version 1.3 or so, when it
wasn't possible to have independent tasks living their own life as we
have now (eg: peers & checks).

> I would prefer to only handle plain-text to start with.

Yes, sure that will be enough for a start.

> To allow a working prototype to be slightly closer to hand.
> But I agree that SSL support, I assume in the form of STLS,
> is an important feature.

STARTTLS can be more difficult to implement, as it requires
switching the connection's protocol once it's already established
and communicating. I'd expect a number of surprises there. But
sending over TLS to port 465 should be very easy (again, see how
tcp-check currently deals with this : if check-ssl is set, then
the whole connection is made over SSL/TLS).

Do not hesitate to ask if you find anything that's unclear !

Cheers,
Willy
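
The step-based approach discussed in this message (expect a reply, send the next command, get woken again on the next reply), shown as an added example that is not HAProxy code and not part of the original e-mail. The names `smtp_wake` and `smtp_run`, the step table and all host names and addresses are hypothetical.

```c
#include <string.h>

enum smtp_res { SMTP_WAIT, SMTP_SEND, SMTP_DONE, SMTP_FAIL };
struct smtp_step { const char *expect; const char *send; }; /* reply code, then command */
struct smtp_ctx { int step; };

/* Constructed plain-text dialogue; host names and addresses are placeholders.
 * Over implicit TLS (port 465) the same steps run unchanged inside the TLS
 * session; STARTTLS would need a step that swaps the transport mid-dialogue. */
static const struct smtp_step steps[] = {
    { "220", "EHLO lb.example.com\r\n" },
    { "250", "MAIL FROM:<haproxy@lb.example.com>\r\n" },
    { "250", "RCPT TO:<ops@example.com>\r\n" },
    { "250", "DATA\r\n" },
    { "354", "Subject: srv1 is DOWN\r\n\r\nsrv1 failed its check\r\n.\r\n" },
    { "250", "QUIT\r\n" },
    { "221", NULL },
};
#define NB_STEPS ((int)(sizeof(steps) / sizeof(steps[0])))

/* Called once per complete reply line (the "wake up"). Sets *out to the
 * bytes to send next when the result is SMTP_SEND. */
enum smtp_res smtp_wake(struct smtp_ctx *c, const char *line, const char **out)
{
    *out = NULL;
    if (c->step >= NB_STEPS || strlen(line) < 4 ||
        strncmp(line, steps[c->step].expect, 3) != 0) {
        c->step = NB_STEPS;          /* unexpected reply: abort the dialogue */
        return SMTP_FAIL;
    }
    if (line[3] == '-')              /* "250-..." continuation: wait for last line */
        return SMTP_WAIT;
    *out = steps[c->step++].send;
    return *out ? SMTP_SEND : SMTP_DONE;
}

/* Feed a server transcript; returns the final state, counts commands sent. */
enum smtp_res smtp_run(const char *const *replies, int n, int *sent)
{
    struct smtp_ctx c = { 0 };
    enum smtp_res r = SMTP_WAIT;
    const char *out;

    *sent = 0;
    for (int i = 0; i < n && r != SMTP_DONE && r != SMTP_FAIL; i++)
        if ((r = smtp_wake(&c, replies[i], &out)) == SMTP_SEND)
            (*sent)++;
    return r;
}
```
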

