Hi, using your configuration gives me this warnung:
[WARNING] 246/103726 (16071) : [/usr/sbin/haproxy.main()] FD limit (85535) too low for maxconn=65000/maxsock=130032. Please raise 'ulimit-n' to 130032 or more to avoid any trouble.
Other than that it makes no difference.I think I'm going to just emulate SMTPS by terminating SSL in haproxy and forwarding it to port 25...
Best, Luke
Well I created a very simple config.
/etc/haproxy.cfg
global
maxconn 65000
ulimit-n 85535
uid 0
gid 0
daemon
stats socket /var/run/haproxy.stat level admin
nbproc 1
cpu-map all 1 2
ssl-server-verify none
tune.ssl.default-dh-param 2048
defaults
mode tcp
no option http-server-close
timeout connect 5000
timeout client 50000
timeout server 50000
listen app1
bind :8080
mode http
stats enable
stats uri /
maxconn 200
frontend ft_smtps
bind :465
timeout client 1m
default_backend bk_postfix_smtps
backend bk_postfix_smtps
option tcp-check
timeout server 1m
timeout connect 5s
server mail-1 172.1.1.21:10464 send-proxy check
/etc/postfix/master.cf on 172.1.1.21
10464 inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_upstream_proxy_protocol=haproxy
Would you mind trying ?
10464 inet n - n - - smtpd
instead of
10464 inet n - - - - smtpd
For haproxy...
The only differnce is that you use chroot and user haproxy.. Cou,ld you
please try with the default and global section in the minimal example?
cheers
thomas
-- Mit freundlichen Gruessen, Lukas Erlacher -- Rechnerbetriebsgruppe der Fakultäten Mathematik und Informatik Raum 00.05.042 Tel. 089-289-18258 [email protected] Technische Universität München - Boltzmannstr. 3 - 85748 Garching
smime.p7s
Description: S/MIME Cryptographic Signature
