Wietse Venema:
> Lukas Erlacher:
> > Something goes wrong with establishing the SSL session:
> >
> > Aug 31 09:52:47 mail postfix-from-user/smtpd[2416]: connect from
> > a-mua.informatik.tu-muenchen.de[xxx.xxx.42.153]
>
> The HaProxy hand-over succeeds: Postfix gets a client name and address.
>
> > Aug 31 09:52:49 mail postfix-from-user/smtpd[2416]: SSL_accept error from
> > mailclient[xxx.xxx.42.153]: lost connection
> > Aug 31 09:52:49 mail postfix-from-user/smtpd[2416]: lost connection after
> > CONNECT from mailclient[xxx.xxx.42.153]
> > Aug 31 09:52:49 mail postfix-from-user/smtpd[2416]: disconnect from
> > mailclient[xxx.xxx.42.153]
>
> I suspect that when the TLS hello becomes appended to the HaProxy server data,
> the Postfix HaProxy client reads part of the TLS hello.
> Fixing that would require setting the input read buffer size to 1:
Please try this. Wietse *** ./src/smtpd/smtpd_haproxy.c- 2012-06-30 17:12:00.000000000 -0400 --- ./src/smtpd/smtpd_haproxy.c 2015-09-23 16:57:02.000000000 -0400 *************** *** 103,108 **** --- 103,116 ---- */ #define ENABLE_DEADLINE 1 + /* + * Don't buffer beyond the end-of-line. Setting a small buffer is + * meaningful only before the first I/O operation happens. + */ + vstream_control(state->client, + VSTREAM_CTL_BUFSIZE, 1, + VSTREAM_CTL_END); + smtp_stream_setup(state->client, var_smtpd_uproxy_tmout, ENABLE_DEADLINE); switch (io_err = vstream_setjmp(state->client)) { default: *************** *** 139,144 **** --- 147,159 ---- state->port = mystrdup(smtp_client_port.buf); /* + * Enable normal buffering. + */ + vstream_control(state->client, + VSTREAM_CTL_BUFSIZE, VSTREAM_BUFSIZE, + VSTREAM_CTL_END); + + /* * Avoid surprises in the Dovecot authentication server. */ state->dest_addr = mystrdup(smtp_server_addr.buf);
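
Review bot: in the first hunk, the added comment says the small buffer is meaningful only before the first I/O operation, but nothing at the vstream_control() call ensures that state->client has not been read earlier. Consider extending the comment to state why no earlier read can have happened at this point, or adding a check, so a later change that reads before this call does not silently bring the over-read back.

Review bot: in the second hunk, normal buffering is restored only on the path that reaches the state->port assignment. The vstream_setjmp() switch in the first hunk implies other exits between the two calls; it would help to confirm that each of them ends the session, or to restore VSTREAM_BUFSIZE in one place that every exit passes through, so the stream is never used afterwards with a 1-byte buffer.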
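
The over-read suspected in this message, as an added example that is not code from the thread or from Postfix: a line reader pulls a PROXY line off a socket with different read sizes, and the function reports how much of the following TLS data is still in the socket. The sample bytes, the function names and the assumption that the TLS layer reads the descriptor directly are all constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed sample: a PROXY v1 line followed at once by 10 bytes standing in
 * for the start of a TLS ClientHello. Addresses and ports are made up. */
static const char WIRE[] =
    "PROXY TCP4 192.0.2.10 198.51.100.5 56324 465\r\n"
    "\x16\x03\x01\x00\x05hello";

/* Consume one line from fd with read() requests of at most bufsize bytes, as a
 * buffered stream does. Returns bytes taken past the '\n', or -1 on error. */
long bytes_taken_past_line(int fd, size_t bufsize)
{
    char buf[256];
    ssize_t n;
    if (bufsize == 0 || bufsize > sizeof(buf))
        return -1;
    while ((n = read(fd, buf, bufsize)) > 0) {
        char *nl = memchr(buf, '\n', (size_t) n);
        if (nl != NULL)
            return (long) (n - (nl - buf + 1));
    }
    return -1;
}

/* Stand-in TLS bytes still in the socket after the PROXY line is parsed.
 * Assumption: the TLS layer reads the descriptor, not the reader's buffer. */
long tls_bytes_left(size_t bufsize)
{
    int sv[2];
    char rest[256];
    long left = -1;
    ssize_t w;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    w = write(sv[0], WIRE, sizeof(WIRE) - 1);
    close(sv[0]);               /* EOF follows, so the last read() cannot block */
    if (w == (ssize_t) (sizeof(WIRE) - 1) && bytes_taken_past_line(sv[1], bufsize) >= 0)
        left = (long) read(sv[1], rest, sizeof(rest));
    close(sv[1]);
    return left;
}

int main(void)
{
    return printf("%ld %ld %ld\n", tls_bytes_left(1), tls_bytes_left(50), tls_bytes_left(256)) < 0;
}
```

Only the 1-byte read size leaves all 10 bytes for the handshake; any larger size takes some or all of them into the line reader's buffer.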