Re: PROXY protocol

Fri, 21 Aug 2015 04:32:34 -0700 

On 20/8/2015 11:09 μμ, Nikolaos Milas wrote:
As soon as I manage to re-build Dovecot with the latest snapshot, I'll test it! 

Hello,


I've built dovecot with a today snapshot from hg 
(dovecot-2-2-9f815e781beb) and I am trying to enable haproxy.



I configured as follows (lines added compared to initial config are 
marked with +):


   + haproxy_trusted_networks = 62.217.xxx.xxx/29, 2001:648:xxx:xxx::/64

   service auth {
   +  inet_listener {
   +    haproxy = yes
   +  }
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-master {
        group = vmail
        mode = 0660
        user = vmail
      }
      user = root
   }

   service imap-login {
      service_count = 1
      vsz_limit = 128 M
   }

   service pop3-login {
      service_count = 1
      vsz_limit = 128 M
   }


Dovecot starts OK and accepts connections successfully as usual, but 
when I add the 'send-proxy' directive on haproxy server nodes (in 
haproxy.cfg), clients cannot login.


With pop3s, imaps, I get errors of the form:


Aug 21 13:30:04 vdev dovecot: pop3-login: Disconnected (no auth attempts 
in 0 secs): user=<>, rip={haproxy-server-ip-address}, 
lip={local-dovecot-server-ip-address}, TLS handshaking: SSL_accept() 
failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown 
protocol, session=<m1tAwM8dDQA+2XwE>
Aug 21 13:30:14 vdev dovecot: imap-login: Disconnected (disconnected 
before auth was ready, waited 0 secs): user=<>, 
rip={haproxy-server-ip-address}, lip={local-dovecot-server-ip-address}, 
TLS handshaking: SSL_accept() failed: error:140760FC:SSL 
routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<PCjXwM8degA+2XwE>
Aug 21 13:30:15 vdev dovecot: imap-login: Disconnected (no auth attempts 
in 0 secs): user=<>, rip={haproxy-server-ip-address}, 
lip={local-dovecot-server-ip-address}, TLS handshaking: SSL_accept() 
failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown 
protocol, session=<MeTtwM8dfAA+2XwE>


With pop3, imap, I get failed auth messages:


Aug 21 14:18:12 vdev dovecot: pop3-login: Disconnected (auth failed, 1 
attempts in 14 secs): user=<tester>, method=PLAIN, rip=62.217.124.4, 
lip=195.251.204.232, session=<h2yOa9AdKQA+2XwE>



Aug 21 14:20:33 vdev dovecot: auth: 
plain(?,{haproxy-server-ip-address},<r2/KdNAdYQA+2XwE>): Invalid base64 
data in continued response
Aug 21 14:20:38 vdev dovecot: auth: 
plain(?,{haproxy-server-ip-address},<f8AZddAdZwA+2XwE>): Invalid base64 
data in continued response
Aug 21 14:20:38 vdev dovecot: imap-login: Disconnected (auth failed, 1 
attempts in 0 secs): user=<>, method=PLAIN, 
rip={haproxy-server-ip-address}, lip={local-dovecot-server-ip-address}, 
session=<f8AZddAdZwA+2XwE>



Note: I have replaced real IP addresses with {haproxy-server-ip-address} 
and {local-dovecot-server-ip-address}.


Should I configure things differently?

Please advise.

Thanks,
Nick






















					Reply via email to