Hi
I know that, but I terminated TLS via haproxy

master.cf:

#normal
submission inet n       -       -    -    -    smtpd
  -o syslog_name=postfix/submission

#normal
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes

#behind haproxy
10587 inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission-haproxy
  -o smtpd_upstream_proxy_protocol=haproxy

#behind haproxy
10465     inet  n       -       -       -    -    smtpd
  -o syslog_name=postfix/smtps-haproxy
  -o smtpd_tls_wrappermode=yes
  -o smtpd_upstream_proxy_protocol=haproxy

#behind haproxy
2525 inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtp-haproxy
  -o smtpd_upstream_proxy_protocol=haproxy

In haproxy I tried options like:

....
frontend ft_ssmtp
  bind 0.0.0.0:465 ssl crt /etc/dovecot/ssl/cert.pem
  mode tcp
  timeout client 1m
  log global
  default_backend bk_ssmtp

backend bk_ssmtp
  mode tcp
  timeout server 1m
  timeout connect 5s

#  server postfix1 12.xxx.xxx.xxx:10465 send-proxy check maxconn 2000 weight 2
  server postfix1 12.xxx.xxx.xxx:10587 send-proxy-v2 check maxconn 2000 weight 2



On 17.04.2025 at 14:40, Wietse Venema via Postfix-users wrote:
> natan via Postfix-users:
>> Hi
>> For test I use setup like haproxy + postfix - works fine via 587 /
>> 587+tls and I have problem with 465
>
> The port 465 service MUST have "-o smtpd_tls_wrappermode=yes"
> in master.cf, and all connections to port 465 MUST be encrypted
> (without sending a STARTTLS command).
>
>         Wietse
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org

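An added example, not part of the original thread and not Postfix or HAProxy code: a small Python check that compares what each haproxy `server` line sends with what the targeted master.cf service expects when haproxy terminates TLS on port 465. The sample configs are constructed from the thread's snippets, 192.0.2.10 is a placeholder address, and `parse_master` and `check` are hypothetical helper names.

```python
import re
# Constructed sample input modelled on the thread's configs (192.0.2.10 is a placeholder).
MASTER_CF = """\
10587 inet n - - - - smtpd
  -o smtpd_upstream_proxy_protocol=haproxy
10465 inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_upstream_proxy_protocol=haproxy
"""
HAPROXY_CFG = """\
frontend ft_ssmtp
  bind 0.0.0.0:465 ssl crt /etc/dovecot/ssl/cert.pem
  default_backend bk_ssmtp
backend bk_ssmtp
  server postfix1 192.0.2.10:{port} send-proxy-v2 check
"""

def parse_master(text):
    """Map service (first field) -> dict of its '-o key=value' overrides."""
    services, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s+-o\s+(\w+)=(\S+)", line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)          # continuation line of a service
        elif re.match(r"[^#\s]", line):                # new service entry, not a comment
            current = services.setdefault(line.split()[0], {})
    return services

def check(master_text, haproxy_text):
    """Return mismatches between what haproxy sends and what smtpd expects."""
    master, fronts, servers, sect = parse_master(master_text), {}, {}, None
    for tok in (l.split() for l in haproxy_text.splitlines() if l.strip()):
        if tok[0] in ("frontend", "backend"):
            sect = tok[1]
        elif tok[0] == "bind":                         # 'ssl' on bind: haproxy terminates TLS
            fronts.setdefault(sect, {})["tls"] = "ssl" in tok[2:]
        elif tok[0] == "default_backend":
            fronts.setdefault(sect, {})["backend"] = tok[1]
        elif tok[0] == "server":                       # 'ssl' on server: haproxy re-encrypts
            servers.setdefault(sect, []).append((tok[2].rsplit(":", 1)[1], "ssl" in tok[3:],
                any(t.startswith("send-proxy") for t in tok[3:])))
    problems = []
    for f in fronts.values():
        for port, re_encrypts, proxy in servers.get(f.get("backend"), []):
            opts = master.get(port, {})
            if f.get("tls") and not re_encrypts and opts.get("smtpd_tls_wrappermode") == "yes":
                problems.append(f"{port}: haproxy sends plaintext, smtpd expects a TLS handshake")
            if proxy != (opts.get("smtpd_upstream_proxy_protocol") == "haproxy"):
                problems.append(f"{port}: PROXY protocol enabled on one side only")
    return problems
```

A clean result only means the bytes on the wire line up; with TLS terminated at haproxy, smtpd itself sees a cleartext session on the backend port.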