Dovecot - Postfix with HAproxy

Michael JOIGNY mjoigny at neteven.com
Tue Oct 13 15:15:41 UTC 2015


Hi Everyone,

I would like to set up a postfix-dovecot with HA using HAproxy but I'm 
facing issues.

I've followed this documentation:

     http://wiki2.dovecot.org/HAProxy (for dovecot)
     http://blog.haproxy.com/2012/06/30/efficient-smtp-relay-infrastructure-with-postfix-and-load-balancers/ (for postfix)

Package versions:

     dovecot : 2:2.2.19 (>= 2.2.19 for proxy protocol)
     haproxy : 1.5.14
     postfix : 2.11.2-1 (>2.10 for postscreen)

Part of my configuration:

##HAPROXY
#postfix
listen smtp
bind mail.xx.xx:465
balance roundrobin
timeout client 1m
timeout connect 5s
no option http-server-close
mode tcp
option smtpchk
option tcplog
server tst tst.xxx:10465 send-proxy
server tst2 tst2.xxx:10465 send-proxy
server tst3 tst3.xxx:10465 send-proxy

#dovecot
listen imap
bind mail.xxx.xx:993
timeout client 1m
no option http-server-close
balance leastconn
stick store-request src
stick-table type ip size 200k expire 30m
mode tcp
option tcplog
server tst tst.xxx:10993 send-proxy-v2
server tst2 tst2.xxx:10993 send-proxy-v2
server tst3 tst3.xxx:10993 send-proxy-v2

##POSTFIX

postfix main.cf
#Haproxy proxy protocol
postscreen_upstream_proxy_protocol = haproxy

postfix master.cf
#haproxy
10465 inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
S

##DOVECOT

# 2.2.19 (719e7f8fd70b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.9
# OS: Linux 2.6.32-41-pve x86_64 Debian 7.9 simfs
auth_debug = yes
auth_verbose = yes
disable_plaintext_auth = no
haproxy_timeout = 5 secs
haproxy_trusted_networks = x.x.x.x
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/mailbox/%d/%n
mail_max_userip_connections = 0
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate
passdb {
   args = /etc/dovecot/dovecot-ldap.conf.ext
   driver = ldap
}
plugin {
   sieve = ~/.dovecot.sieve
   sieve_dir = ~/sieve
   sieve_global_path = /mailbox/globalsieverc
}
protocols = sieve pop3 imap
service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0660
     user = postfix
   }
   unix_listener auth-master {
     mode = 0660
     user = mailboxes
   }
   unix_listener auth-userdb {
     group = mail
     mode = 0666
     user = dovecot
   }
   user = root
}
service imap-login {
   inet_listener imap {
     port = 0
   }
   inet_listener imap_haproxy {
     haproxy = yes
     port = 10993
   }
   inet_listener imaps {
     address = *
     port = 993
   }
   process_limit = 450
}
service pop3-login {
   inet_listener pop3 {
     address = *
     port = 110
   }
   process_limit = 180
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/star.key
userdb {
   args = uid=5000 gid=5000 home=/mailbox/%d/%n/ allow_all_users=yes
   driver = static
}
protocol imap {
   imap_client_workarounds =
}
protocol pop3 {
   pop3_uidl_format = %08Xu%08Xv
}
protocol sieve {
   mail_location = maildir:/mailbox
}
protocol lda {
   auth_socket_path = /var/run/dovecot/auth-master
   hostname = xxx.yyy.com
   log_path = /var/log/dovecot/deliver.log
   mail_plugin_dir = /usr/lib/dovecot/modules
   mail_plugins = sieve
   postmaster_address = postmaster at xxx.yyy
   rejection_reason = Your message to <%t> was automatically rejected:%n%r
   rejection_subject = Rejected: %s
   sendmail_path = /usr/sbin/sendmail
}


With my mail client :

With an IMAP connection, logs below, I don't understand why my login is 
empty ...

dovecot: imap-login: Disconnected: Too many invalid commands (no auth 
attempts in 0 secs): *user=<>*, rip=mon_ip_publique, 
lip=ip_publique_haproxy, session= xxx

With an SMTP connection, logs below, I have a timeout.

postfix/postscreen[16654]: CONNECT from [my public ip]:49942 to [my 
haproxy public ip]:465
postfix/postscreen[16654]: PREGREET 166 after 0 from [mon ip 
publique]:49942: 
\22\3\1\161\1\157\3\3+0E\b\213\131\177\173>\r/\213\177i\223k”FjA#\144\145\153\vP\\\155HL\190

If someone could help me, thanks.

Kind regards.

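As an added illustration (not part of the original post): a small Python triage for postscreen PREGREET lines like the one quoted above, which decodes the escaped payload and names the protocol the backend listener saw before its greeting. The function names and the 192.0.2.x lines are constructed, and reading the numeric escapes as decimal byte values is an assumption based on the `\190` in the posted line.

```python
import re

PROXY_V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY protocol v2 signature
PREGREET_RE = re.compile(
    r"PREGREET (?P<count>\d+) after \S+ from \[(?P<client>[^\]]*)\]:\d+: ?(?P<data>.*)$")
# Escapes seen in the log: \r, \b, \v, \\ and numeric byte values.
# Assumption: the numbers are decimal ("\190" cannot be octal).
ESCAPE_RE = re.compile(r"\\(25[0-5]|2[0-4]\d|1\d\d|\d{1,2}|[abfnrtv\\])")
NAMED = {"a": 7, "b": 8, "f": 12, "n": 10, "r": 13, "t": 9, "v": 11, "\\": 92}

def unescape(text):
    """Turn an escaped PREGREET payload back into raw bytes."""
    out, pos = bytearray(), 0
    for m in ESCAPE_RE.finditer(text):
        out += text[pos:m.start()].encode("latin-1", "replace")
        tok = m.group(1)
        out.append(NAMED[tok] if tok in NAMED else int(tok))
        pos = m.end()
    out += text[pos:].encode("latin-1", "replace")
    return bytes(out)

def classify(data):
    """Name what the client sent before the server greeting."""
    if data[:2] == b"\x16\x03":
        return "tls-handshake"   # TLS record: content type 22, major version 3
    if data.startswith(PROXY_V2_SIG) or data.startswith(b"PROXY "):
        return "proxy-header"    # PROXY header the listener did not consume
    if re.match(rb"(?i)(EHLO|HELO|MAIL|RCPT|QUIT)\b", data):
        return "plaintext-smtp"
    return "unknown"

def triage(line):
    """Return (client, byte_count, verdict) for a PREGREET line, else None."""
    m = PREGREET_RE.search(line)
    if not m:
        return None
    return m.group("client"), int(m.group("count")), classify(unescape(m.group("data")))

SAMPLE_LOG = [
    # From the post, wrapped lines joined and payload shortened.
    r"postfix/postscreen[16654]: PREGREET 166 after 0 from [mon ip publique]:49942: \22\3\1\161\1\157\3\3+0E\b\213",
    # Constructed lines for comparison.
    r"postfix/postscreen[1]: PREGREET 11 after 0.1 from [192.0.2.7]:40000: EHLO test\r\n",
    r"postfix/postscreen[1]: PREGREET 37 after 0 from [192.0.2.8]:40001: PROXY TCP4 192.0.2.9 192.0.2.1 5 25\r\n",
    r"postfix/postscreen[16654]: CONNECT from [192.0.2.7]:40000 to [192.0.2.1]:465",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(triage(line))
```

On the posted line the verdict is `tls-handshake`: the payload begins with bytes 22 and 3, the content type and major version of a TLS handshake record.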