Re: Health check of postfix without the logging noise

Sat, 28 Jan 2023 05:39:42 -0800 

> On 28 Jan 2023, at 13:40, Wietse Venema <wie...@porcupine.org> wrote:
> 
> Gerben Wierda:
>> Currently, every time haproxy checks if postfix is still alive,
>> e.g. on port 587, I see this in my logging:
>> 
>> Jan 28 13:13:20 albus submission/smtpd[97331]: warning: haproxy read: EOF
>> Jan 28 13:13:20 albus submission/smtpd[97331]: connect from unknown[unknown]
>> Jan 28 13:13:20 albus submission/smtpd[97331]: disconnect from 
>> unknown[unknown] commands=0/0
> 
> That is not a valid health check, it does not even complete the
> HaProxxy protocol handshake (that's why it logs "haproxy read:
> EOF"). You only verify TCP. Postfix could be comatose and this probe
> would not notice.

Yeah, I know. The reason I need it is that postfix itself is fine (never failed 
me yet), but the underlying macOS of one of my servers is flakey (and I'm not 
able to migrate yet for other reasons) so what happens is that if the OS runs 
out of TCP sockets (which it occasionally apparently does) it then still reacts 
to ping but nothing else until it hiccups and maybe garbage collects and then 
everything is fine again. So, for me, actually knowing something reacts to a 
TCP link is enough.

> A proper health check verifies that a service actually responds.

True.

> You can find more with "haproxy health check script". For example,
> Postfix should reply with a "220" status within 5 seconds.

Thanks, I have been looking at how to set this up, but so far no luck with the 
search engines...

My HAproxy configuration says for instance (for submission)

# Backend: mail.rna.nl.990 (postfix haproxy submssion pool)
backend mail.rna.nl.990
    option log-health-checks
    # health check: port990-health-monitor
    mode tcp
    balance roundrobin

    # tuning options
    timeout connect 30s
    timeout check 10s
    timeout server 30s
    server foo-990 192.168.2.100:990 check inter 300s port 990  send-proxy
    server bar-990 192.168.2.101:990 check inter 300s port 990  send-proxy

But that is the dumb check. What I need to find out now is what I have to do on 
the haproxy side so it properly does a postfix health check. All the examples 
on the internet I have been able to find all talk about web servers.

G

Reply via email to