Hi,

On 14.10.2015 15:57, Michael JOIGNY wrote:
> Hi,
> 
> Thanks for your quick answer Thomas !

Please don't use TOP-POSTING. This is evil!

> 
> SMTP and IMAP work now, but I would like to use SSL TLS on both, but it's
> OK only with IMAP:
> 
>   * port 993
>   * encrypted password
>   * security SSL TLS
> 

I think we can call this IMAPS, referencing /etc/protocols.

You can also try adding IMAP on port 143 with STARTTLS.


> 
> How can I use SSL TLS with SMTP in my Thunderbird settings, because
> it only works with:
> 

TLS with SMTP works on Port 25

SSL with SMTP works on Port 465.
- There is a pending fix from postfix, so that is working again.

>   * port 25
>   * encrypted password
>   * security : none
> 
> Do you have an idea ?

I can't see why
* port 25
* plain password
* security TLS

should not work.

Or maybe I did not understand you right...?


> 
> Kind regards !
> 

cheers
thomas


> 
> On 14/10/2015 13:25, Thomas Heil wrote:
>> Hi,
>>
>> On 13.10.2015 17:28, Michael JOIGNY wrote:
>>> Hi Everyone,
>>>
>>> I would like to set up a postfix-dovecot with HA using HAproxy but I'm
>>> facing issues.
>>>
>>> I've followed this documentation:
>>>
>>>     http://wiki2.dovecot.org/HAProxy (for dovecot)
>>>    
>>> http://blog.haproxy.com/2012/06/30/efficient-smtp-relay-infrastructure-with-postfix-and-load-balancers/
>>> (for postfix)
>>>
>>> Package's version :
>>>
>>>     dovecot : 2:2.2.19 (>= 2.2.19 for proxy protocol)
>>>     haproxy : 1.5.14
>>>     postfix : 2.11.2-1 (>2.10 for postscreen)
>>>
>>> A part of my configuration  :
>>>
>>> ##HAPROXY
>>> #postfix
>>> listen smtp
>>> bind mail.xx.xx:465
>>> balance roundrobin
>>> timeout client 1m
>>> timeout connect 5s
>>> no option http-server-close
>>> mode tcp
>>> option smtpchk
>>> option tcplog
>>> server tst tst.xxx:10465 send-proxy
>>> server tst2 tst2.xxx:10465 send-proxy
>>> server tst3 tst3.xxx:10465 send-proxy
>>>
>> You can't use port 465, please use port 25. SMTPS is ancient and not
>> supported via proxy protocol. I am referring to your listen port.
>>
>> --
>>  listen smtp
>> bind mail.xx.xx:25
>> ..
>>  server tst tst.xxx:10465 send-proxy
>> --
>>
>>> #dovecot
>>> listen imap
>>> bind mail.xxx.xx:993
>>> timeout client 1m
>>> no option http-server-close
>>> balance leastconn
>>> stick store-request src
>>> stick-table type ip size 200k expire 30m
>>> mode tcp
>>> option tcplog
>>> server tst tst.xxx:10993 send-proxy-v2
>>> server tst2 tst2.xxx:10993 send-proxy-v2
>>> server tst3 tst3.xxx:10993 send-proxy-v2
>>>
>>> ##POSTFIX
>>>
>>> postfix main.cf
>>> #Haproxy proxy protocol
>>> postscreen_upstream_proxy_protocol = haproxy
>>>
>>> postfix master.cf
>>> #haproxy
>>> 10465 inet n - n - 1 postscreen
>>> smtpd pass - - n - - smtpd
>>> S
>>>
>>> ##DOVECOT
>>>
>>> haproxy_timeout = 5 secs
>>> haproxy_trusted_networks = x.x.x.x
>>> inet_listener imap_haproxy {
>>>     haproxy = yes
>>>     port = 10993
>>>   }
>>>  
>> here you are missing the ssl=yes keyword.
>>
>> --
>> conf.d/10-master.conf
>> -
>> haproxy_trusted_networks = x.x.x.x
>>
>> service imap-login {
>>   inet_listener imap {
>>     port = 143
>>   }
>>   inet_listener imaps {
>>     port = 993
>>     ssl = yes
>>   }
>>   inet_listener imap_haproxy {
>>     port = 10143
>>     haproxy = yes
>>   }
>>   inet_listener imaps_haproxy {
>>     port = 10993
>>     ssl = yes
>>     haproxy = yes
>>   }
>> }
>>
>> --
>>
>>> With my mail client :
>>>
>>> With an IMAP connection, logs below, I don't understand why my login is
>>> empty ...
>>>
>>> dovecot: imap-login: Disconnected: Too many invalid commands (no auth
>>> attempts in 0 secs): *user=<>*, rip=mon_ip_publique,
>>> lip=ip_publique_haproxy, session= xxx
>>>
>>> With an SMTP connection, logs below, I have a timeout.
>>>
>>> postfix/postscreen[16654]: CONNECT from [my public ip]:49942 to [my
>>> haproxy public ip]:465
>>> postfix/postscreen[16654]: PREGREET 166 after 0 from [mon ip
>>> publique]:49942:
>>> \22\3\1\161\1\157\3\3+0E\b\213\131\177\173>\r/\213\177i\223k”FjA#\144\145\153\vP\\\155HL\190
>>>
>> it seems postscreen does not understand the proxy protocol.
>>
>>> If someone could help me, thanks.
>>>
>>> Kind regards.
>>> -- 
>> cheers
>> thomas
>>
> 
> -- 
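
Added example (not part of the thread, and not code from HAProxy, Postfix or Dovecot): a Python helper that inspects the first bytes a backend listener receives, strips a PROXY v1 or v2 header if one is present, and reports whether the client payload behind it is a TLS handshake record or plaintext. That is the distinction behind combining `haproxy = yes` with `ssl = yes` on a listener. All function names and sample addresses are constructed, and the sample TLS bytes assume the `\22\3\1` at the start of the PREGREET log line are decimal byte values.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY v2 signature

def strip_proxy_header(data):
    """Return (header info or None, remaining bytes) for a PROXY v1/v2 header."""
    if data.startswith(b"PROXY "):
        line, sep, rest = data.partition(b"\r\n")
        if not sep or len(line) > 105:  # a v1 line is at most 107 bytes with CRLF
            raise ValueError("bad PROXY v1 header")
        f = line.decode("ascii").split(" ")
        if len(f) != 6 or f[1] not in ("TCP4", "TCP6"):
            raise ValueError("unsupported PROXY v1 header")
        src, dst = ipaddress.ip_address(f[2]), ipaddress.ip_address(f[3])
        return {"v": 1, "src": (str(src), int(f[4])), "dst": (str(dst), int(f[5]))}, rest
    if data.startswith(V2_SIG):
        if len(data) < 16:
            raise ValueError("truncated PROXY v2 header")
        ver_cmd, fam, length = struct.unpack("!BBH", data[12:16])
        body, rest = data[16:16 + length], data[16 + length:]
        n = {0x11: 4, 0x21: 16}.get(fam)  # address size for TCP4 / TCP6
        if ver_cmd != 0x21 or n is None or len(body) < length or length < 2 * n + 4:
            raise ValueError("unsupported PROXY v2 header")
        src, dst = ipaddress.ip_address(body[:n]), ipaddress.ip_address(body[n:2 * n])
        sport, dport = struct.unpack("!HH", body[2 * n:2 * n + 4])
        return {"v": 2, "src": (str(src), sport), "dst": (str(dst), dport)}, rest
    return None, data

def payload_kind(data):
    """Classify what the client sent: TLS handshake record or plaintext."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    return "plaintext" if data else "empty"

def describe(first_bytes):
    info, rest = strip_proxy_header(first_bytes)
    return info, payload_kind(rest)

# Constructed samples (documentation addresses, not taken from the thread).
HELLO = bytes([22, 3, 1, 0, 161, 1, 0, 0, 157, 3, 3])  # start of a TLS ClientHello
V1_TLS = b"PROXY TCP4 198.51.100.7 203.0.113.10 49942 465\r\n" + HELLO
V2_IMAP = (V2_SIG + bytes([0x21, 0x11]) + struct.pack("!H", 12)
           + ipaddress.ip_address("198.51.100.7").packed
           + ipaddress.ip_address("203.0.113.10").packed
           + struct.pack("!HH", 49942, 143) + b"a1 CAPABILITY\r\n")

if __name__ == "__main__":
    print(describe(V1_TLS), describe(V2_IMAP), describe(HELLO))
```

A result of a PROXY header followed by `tls-handshake` means the listener on that port has to accept the proxy header and then speak TLS immediately; `plaintext` after the header means the client expects a cleartext greeting, with STARTTLS as the upgrade path.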