Dovecot - Postfix with HAproxy
Michael JOIGNY
mjoigny at neteven.com
Tue Oct 13 15:15:41 UTC 2015
Hi Everyone,
I wouldlike to set up a postfix-dovecot with HA using HAproxy but im
facing issues.
I've followed this documentation :
http://wiki2.dovecot.org/HAProxy (pour dovecot)
http://blog.haproxy.com/2012/06/30/efficient-smtp-relay-infrastructure-with-postfix-and-load-balancers/
(pour postfix)
Package's version :
dovecot : 2:2.2.19 (>= 2.2.19 pour proxy protocol)
haproxy : 1.5.14
postfix : 2.11.2-1 (>2.10 pour postscreen)
A part of my configuration :
##HAPROXY
#postfix
listen smtp
bind mail.xx.xx:465
balance roundrobin
timeout client 1m
timeout connect 5s
no option http-server-close
mode tcp
option smtpchk
option tcplog
server tst tst.xxx:10465 send-proxy
server tst2 tst2.xxx:10465 send-proxy
server tst3 tst3.xxx:10465 send-proxy
#dovecot
listen imap
bind mail.xxx.xx:993
timeout client 1m
no option http-server-close
balance leastconn
stick store-request src
stick-table type ip size 200k expire 30m
mode tcp
option tcplog
server tst tst.xxx:10993 send-proxy-v2
server tst2tst2.xxx:10993 send-proxy-v2
server tst3 tst3.xxx:10993 send-proxy-v2
##POSTFIX
postix main.cf
#Haproxy proxy protocol
postscreen_upstream_proxy_protocol = haproxy
postfix master.cf
#haproxy
10465 inet n – n – 1 postscreen
smtpd pass – – n – – smtpd
S
##DOVECOT
# 2.2.19 (719e7f8fd70b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.9
# OS: Linux 2.6.32-41-pve x86_64 Debian 7.9 simfs
auth_debug = yes
auth_verbose = yes
disable_plaintext_auth = no
*haproxy_timeout = 5 secs**
**haproxy_trusted_networks = x.x.x.x*
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/mailbox/%d/%n
mail_max_userip_connections = 0
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_global_path = /mailbox/globalsieverc
}
protocols = sieve pop3 imap
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
mode = 0660
user = mailboxes
}
unix_listener auth-userdb {
group = mail
mode = 0666
user = dovecot
}
user = root
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imap_haproxy {
haproxy = yes
port = 10993
}
inet_listener imaps {
address = *
port = 993
}
process_limit = 450
}
service pop3-login {
inet_listener pop3 {
address = *
port = 110
}
process_limit = 180
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/star.key
userdb {
args = uid=5000 gid=5000 home=/mailbox/%d/%n/ allow_all_users=yes
driver = static
}
protocol imap {
imap_client_workarounds =
}
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
}
protocol sieve {
mail_location = maildir:/mailbox
}
protocol lda {
auth_socket_path = /var/run/dovecot/auth-master
hostname = xxx.yyy.com
log_path = /var/log/dovecot/deliver.log
mail_plugin_dir = /usr/lib/dovecot/modules
mail_plugins = sieve
postmaster_address = postmaster at xxx.yyy
rejection_reason = Your message to <%t> was automatically rejected:%n%r
rejection_subject = Rejected: %s
sendmail_path = /usr/sbin/sendmail
}
With my mail client :
With an IMAP connection, logs below, i don't understand why my login is
empty ...
dovecot: imap-login: Disconnected: Too many invalid commands (no auth
attempts in 0 secs): *user=<>*, rip=mon_ip_publique,
lip=ip_publique_haproxy, session= xxx
With a SMTP connection, logs below, i have a timeout.
postfix/postscreen[16654]: CONNECT from [my public ip]:49942 to [my
haproxy public ip]:465
postfix/postscreen[16654]: PREGREET 166 after 0 from [mon ip
publique]:49942:
\22\3\1\161\1\157\3\3+0E\b\213\131\177\173>\r/\213\177i\223k”FjA#\144\145\153\vP\\\155HL\190
If someone could help me, thanks.
Kind regards.
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sign_neteven.png
Type: image/png
Size: 20734 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20151013/ee149a25/attachment-0001.png>
More information about the dovecot
mailing list