Hi
I know that, but I terminated TLS via haproxy.
master.cf:
#normal
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
#normal
smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
#behind haproxy
10587 inet n - - - - smtpd
  -o syslog_name=postfix/submission-haproxy
  -o smtpd_upstream_proxy_protocol=haproxy
#behind haproxy
10465 inet n - - - - smtpd
  -o syslog_name=postfix/smtps-haproxy
  -o smtpd_tls_wrappermode=yes
  -o smtpd_upstream_proxy_protocol=haproxy
#behind haproxy
2525 inet n - - - - smtpd
  -o syslog_name=postfix/smtp-haproxy
  -o smtpd_upstream_proxy_protocol=haproxy
In haproxy I tried various options, like this:
....
frontend ft_ssmtp
    bind 0.0.0.0:465 ssl crt /etc/dovecot/ssl/cert.pem
    mode tcp
    timeout client 1m
    log global
    default_backend bk_ssmtp

backend bk_ssmtp
    mode tcp
    timeout server 1m
    timeout connect 5s
    # server postfix1 12.xxx.xxx.xxx:10465 send-proxy check maxconn 2000 weight 2
    server postfix1 12.xxx.xxx.xxx:10587 send-proxy-v2 check maxconn 2000 weight 2
On 17.04.2025 at 14:40, Wietse Venema via Postfix-users wrote:
> natan via Postfix-users:
>> Hi
>> For testing I use a setup like haproxy + postfix - it works fine via 587 /
>> 587+tls and I have a problem with 465
>
> The port 465 service MUST have "-o smtpd_tls_wrappermode=yes"
> in master.cf, and all connections to port 465 MUST be encrypted
> (without sending a STARTTLS command).
>
> Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
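
Added example, not part of the original message and not Postfix or HAProxy code: a small Python check that compares what one haproxy `server` line sends (TLS or plaintext, PROXY header or not) with what the targeted master.cf service expects. It assumes haproxy has already terminated TLS on the frontend, so a `server` line without `ssl` forwards plaintext; the function names, the sample master.cf text and the 192.0.2.10 address used in testing are constructed for illustration.

```python
import re

# Constructed sample, modelled on the haproxy-facing services in the message above.
MASTER_CF = """\
10587 inet n - - - - smtpd
  -o syslog_name=postfix/submission-haproxy
  -o smtpd_upstream_proxy_protocol=haproxy
10465 inet n - - - - smtpd
  -o syslog_name=postfix/smtps-haproxy
  -o smtpd_tls_wrappermode=yes
  -o smtpd_upstream_proxy_protocol=haproxy
"""

def parse_master_cf(text):
    """Return {port: {option: value}} for inet services; -o lines are continuations."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():                      # continuation of the previous service
            m = re.match(r"\s+-o\s+(\w+)\s*=\s*(\S+)", line)
            if m and current is not None:
                services[current][m.group(1)] = m.group(2)
        else:
            fields = line.split()
            current = fields[0] if len(fields) > 1 and fields[1] == "inet" else None
            if current is not None:
                services[current] = {}
    return services

def check_hop(server_line, services):
    """Compare one haproxy 'server' line with the Postfix service it targets."""
    tokens = server_line.split()
    port = tokens[2].rsplit(":", 1)[1]
    opts = services.get(port)
    if opts is None:
        return [f"no Postfix service on port {port}"]
    problems = []
    sends_tls = "ssl" in tokens[3:]                # haproxy re-encrypts only with 'ssl'
    wants_tls = opts.get("smtpd_tls_wrappermode") == "yes"
    if sends_tls != wants_tls:
        problems.append(f"port {port}: haproxy sends {'TLS' if sends_tls else 'plaintext'}, "
                        f"Postfix expects {'TLS' if wants_tls else 'plaintext'}")
    sends_proxy = any(t.startswith("send-proxy") for t in tokens[3:])
    wants_proxy = opts.get("smtpd_upstream_proxy_protocol") == "haproxy"
    if sends_proxy != wants_proxy:
        problems.append(f"port {port}: PROXY header sent={sends_proxy}, expected={wants_proxy}")
    return problems
```

An empty list from `check_hop` means the hop is consistent at the transport level; it says nothing about SMTP-level policy on that service.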