[pfx] Re: haproxy behind smtp

Thu, 17 Apr 2025 05:53:12 -0700 

W dniu 17.04.2025 o 14:11, natan via Postfix-users pisze:

Hi
For test I use setup like haproxy + postfix - works fine via 587 / 587+tls and I have problem with 465 

....
frontend ft_submission
  bind 0.0.0.0:587
  mode tcp
  timeout client 1m
  log global
  default_backend bk_submission

backend bk_submission
  mode tcp
        timeout server 1m
        timeout connect 5s


  server postfix1 12.xxx.xxx.xxx:10587 send-proxy check maxconn 2000 
weight 2


frontend ft_ssmtp
  bind 0.0.0.0:465 ssl crt /etc/dovecot/ssl/cert.pem
  mode tcp
  timeout client 1m
  log global
  default_backend bk_ssmtp

backend bk_ssmtp
  mode tcp
        timeout server 1m
        timeout connect 5s


  server postfix1 12.xxx.xxx.xxx:10587 send-proxy check maxconn 2000 
weight 2
 # server postfix1 12.xxx.xxx.xxx:10465 send-proxy check maxconn 2000 
weight 2

.....

master.cf:
10587 inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission-haproxy
  -o smtpd_upstream_proxy_protocol=haproxy

10465     inet  n    -    -    -    -    smtpd
  -o syslog_name=postfix/smtps-haproxy
  -o smtpd_upstream_proxy_protocol=haproxy


If I testev via:
openssl s_client -connect haproxy.domain.ltd:465 -crlf

works fine after AUTH LOGIN etc

If i test via swaks

1)swaks --auth LOGIN --server haproxy.domain.ltd --port 587 --to 
us...@domain.ltd --from us...@domain.ltd --auth-user us...@domain.ltd 
--auth-password ..... --tls ------ works fine
2)swaks --auth LOGIN --server haproxy.domain.ltd --port 465 --to 
us...@domain.ltd --from us...@domain.ltd --auth-user us...@domain.ltd 
--auth-password ..... --tls

i get only:
=== Trying xx.xxx.xxx.166:465...
=== Connected to xxx.xxx.xxx.166.

If i try

swaks --auth LOGIN --server haproxy.domain.ltd --port 465 --to 
us...@domain.ltd --from us...@domain.ltd --auth-user us...@domain.ltd 
--auth-password ..... --tlsc (--tls-on-connect)

connect ok end sending e-mail

but not then any smtp klients like thunderbird


and nothing


If I try send e-mail via 465 via thunderbird - trying and trying and 
nothing


Where i find the problem ? Certyfikat is correct


--

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


--

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org






















					Reply via email to