I am in the process of setting up HAProxy to load balance a few mail servers. I
have read up on TPROXY and Proxy protocol and have tried implementing TPROXY.
The issue I am running into is that SMTP is not being recognized by my mail
clients (Apple Mail and Thunderbird). However, when I port scan my HAProxy node,
port 25 shows as open. Below is the HAProxy config I am using.

global
    log /dev/log local0
    log /dev/log local1 notice
    maxconn 4096
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user root
    group haproxy
    daemon
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL).
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL

defaults
    log global
    mode http
    option httplog
    option dontlognull
    option redispatch
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

listen stats :9090
    balance
    mode http
    stats enable
    stats auth admin:b2a2d8Lands

frontend ft_smtp
    bind 1.1.1.1:25
    mode tcp
    no option http-server-close
    timeout client 1m
    log global
    option tcplog
    default_backend bk_postfix

backend bk_postfix
    mode tcp
    no option http-server-close
    log global
    option tcplog
    timeout server 1m
    timeout connect 5s
    server postfix 2.2.2.2:10024 send-proxy

listen pop3 :110
    mode tcp
    option tcplog
    balance roundrobin
    server pop3 2.2.2.2:110 check

listen pop3s :995
    mode tcp
    option tcplog
    balance roundrobin
    server pop3s 2.2.2.2:995 check

listen imap :143
    mode tcp
    option tcplog
    balance roundrobin
    server imap 2.2.2.2:143 check

listen imaps :993
    mode tcp
    option tcplog
    balance roundrobin
    server imaps 2.2.2.2:993 check

This is the error message that I am receiving from the mail clients:
Could not connect to this SMTP server. Check you network connection and that
you entered the correct network connection and that you entered the correct
information in the Account Preferences.
I have double-checked all of my settings in Account Preferences and they are
correct.
Thanks,
Jon Hoffart
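
What send-proxy on the "server postfix" line puts on the wire, as an added example that is not part of the original post: HAProxy prepends one PROXY protocol v1 text line to every backend connection, so the listener on 2.2.2.2:10024 has to expect it ahead of the SMTP dialogue. The parser, its names and the client address 203.0.113.7 are constructed for illustration.

```python
import ipaddress

class ProxyHeaderError(ValueError):
    """The stream starts with 'PROXY ' but the header line is malformed."""

def parse_proxy_v1(data: bytes):
    """Split a PROXY protocol v1 header off the front of a TCP stream.

    Returns (info, rest). info is None when no header is present, which is
    what a listener sees on a direct connection that bypasses the proxy.
    """
    if not data.startswith(b"PROXY "):
        return None, data
    # A v1 header is one ASCII line of at most 107 bytes including CRLF.
    end = data.find(b"\r\n", 0, 107)
    if end == -1:
        raise ProxyHeaderError("unterminated or oversized PROXY header")
    rest = data[end + 2:]
    try:
        fields = data[:end].decode("ascii").split(" ")
        if fields[1] == "UNKNOWN":
            return {"proto": "UNKNOWN"}, rest
        if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
            raise ValueError("expected PROXY TCP4|TCP6 src dst sport dport")
        src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
        sport, dport = (int(f) for f in fields[4:6])
    except ValueError as exc:
        raise ProxyHeaderError(str(exc)) from exc
    want = 4 if fields[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ProxyHeaderError("address family does not match " + fields[1])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ProxyHeaderError("port out of range")
    return {"proto": fields[1], "src": str(src), "sport": sport,
            "dst": str(dst), "dport": dport}, rest

# Constructed sample: the first bytes a backend receives from HAProxy when a
# client at 203.0.113.7 (made up) connects to the frontend on 1.1.1.1:25.
SAMPLE = b"PROXY TCP4 203.0.113.7 1.1.1.1 51234 25\r\nEHLO client.example\r\n"

if __name__ == "__main__":
    info, rest = parse_proxy_v1(SAMPLE)
    print(info)  # original client and frontend addresses
    print(rest)  # the SMTP bytes that follow the header
```

A listener that accepts the header should take it only from the load balancer's address, since anything that can reach the port directly can otherwise claim any source IP.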