I have a working configuration for a couple of MTAs listening on TCP/25. The layer 7 health checks work just fine with:
---CUT--->8---CUT--- listen MTA bind xx.xx.xx.xx:25 bind XX:XX:XX:XX::XXXX:25 mode tcp option tcpka option tcplog option smtpchk HELO lb1.example.org no option http-server-close log global balance leastconn server MTA1 xx.xx.xx.xx:25 check-send-proxy send-proxy check server MTA2 xx.xx.xx.xx:25 check-send-proxy send-proxy check ---CUT--->8---CUT--- In addition to this, I also have the same servers listening on TCP/465 for SSL authenticated connections, with layer 7 health checks being performed on the TCP/25 port: ---CUT--->8---CUT--- listen MTASSL bind xx.xx.xx.xx:465 bind XX:XX:XX:XX::XX:465 mode tcp option tcpka option tcplog option smtpchk HELO lb1.net.tain.com no option http-server-close log global balance leastconn server MTA1 xx.xx.xx.xx:465 port 25 check-send-proxy send-proxy check server MTA2 xx.xx.xx.xx:465 port 25 check-send-proxy send-proxy check ---CUT--->8---CUT--- The problem I am finding is that connections on the SSL side do not cleanly complete. Can someone show me exactly where I am making an error in here?
