There is not mentioned if it will or will not work, that's why I experimented :) 2015 kov. 28 01:50 "Wietse Venema" <wie...@porcupine.org> rašė:
> Edgaras Luko?evi?ius: > [ Charset windows-1252 converted... ] > > Hello, > > > > is it possible to configure configure haproxy to work with postfix sasl > and dovecot auth like this: > > > > clients -> 25:postfix -> 20025:haproxy -> 20025:auth-backend-1, > 20025:auth-backend-2 > > What Postfix documentation promises that this will work? > > Wietse > > The configuration I have now gives me this error when haproxy change > backend server, and when server is changed back to primary I am able to > login successfully again: > > 535 5.7.8 Error: authentication failed: Connection lost to > authentication server > > > > Postfix sasl don?t establish new connection to auth service every time > new auth request arrives (keeps connection open), but haproxy change > servers while session is still active. > > > > Note that haproxy is between postfix and dovecot and is not facing > clients directly, so there is no way to keep persistent connections by > client ip. > > > > # VERSIONs > > > > POSTFIX: mail_version = 2.10.1 > > DOVECOT: 2.2.10 > > > > > > # POSTFIX > > smtpd_sasl_auth_enable = yes > > smtpd_sasl_authenticated_header = yes > > smtpd_sasl_exceptions_networks = > > smtpd_sasl_local_domain = > > smtpd_sasl_path = inet:127.0.0.1:20025 <? HAProxy > > smtpd_sasl_security_options = noanonymous > > smtpd_sasl_tls_security_options = $smtpd_sasl_security_options > > smtpd_sasl_type = dovecot > > > > > > # HAPROX > > frontend postfix-sasl > > bind 127.0.0.1:20025 > > default_backend dovecot-auth > > > > backend dovecot-auth > > mode tcp > > option tcplog > > option srvtcpka > > hash-type consistent > > > > balance roundrobin > > server mail-backend-1 31.220.19.52:20025 check > > server mail-backend-2 31.220.19.53:20025 check >
