On 19/04/2019 19:58, Chris Thomas via dovecot wrote:
Hi,
I have an nginx server which is using the proxy protocol to forward tcp connections to dovecot. Dovecot is configured to be a submission service for email to be sent. Then postfix should send the email itself which is also using the ha proxy protocol. There are a few moving parts in this problem so I'm not sure where the problem is. But I want to ask if somebody can validate my dovecot configuration somehow so I can start to tick off some things from the list.
Sending email fails, seems to get to postfix, then die.
Receiving emails succeeds and I don't have any problem to pick them up.
I've figured out some stuff, like lmtp shouldn't use haproxy when talking between postfix -> dovecot for receiving emails. If I enable the protocol on lmtp, I can't receive any emails at all.
In order to get postfix to accept emails, I enabled haproxy protocol and enabled postscreen and then postfix could access the source ip and stop my server from being an open relay.
I've got tls certificates installed on dovecot and postfix, all created by letsencrypt and I don't appear to have any problems with them.
I will try to give as much information about the config as I can, I'm not sure what other parts are good to have, but let me know if you are missing something or want to check a value.
You enabled haproxy both for nginx<->dovecot and dovecot<->postfix. Dovecot does not support haproxy for outgoing connections, so the latter won't work.
Regards,
Stephan.
10-master.conf:
    service submission-login {
      inet_listener submission {
        port = 587
        haproxy = yes
      }
    }
    service lmtp {
      inet_listener lmtp {
        port = 24
        haproxy = no
      }
    }
20-submission.conf
    submission_relay_host = postfix.mail-server
    submission_relay_port = 25
    submission_relay_ssl = starttls
    submission_relay_ssl_verify = yes
Then because it might help to give the other side of the connection configuration for postfix, here is the relevant information:
master.cf:
    smtp      inet  n       -       -       -       1       postscreen
    smtpd     pass  -       -       -       -       -       smtpd
main.cf
    postscreen_upstream_proxy_protocol = haproxy
    postscreen_upstream_proxy_timeout = 10s
That's it. I don't know what other information could be useful.
There are some logs, they are like this (I've got logging turned on for pretty much every option I have):
Dovecot logs:
Apr 19 17:54:47 submission(__EMAIL__)<497> : Debug: Added userdb setting: plugin/quota_rule=*:bytes=0
Apr 19 17:54:47 submission(__EMAIL__)<497> : Debug: Effective uid=8, gid=8, home=/mail/__DOMAIN_COM__/__USER__
Apr 19 17:54:47 submission(__EMAIL__)<497> : Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:/mail/__DOMAIN_COM__/__USER__
Apr 19 17:54:47 submission(__EMAIL__)<497> : Debug: maildir++: root=/mail/__DOMAIN_COM__/__USER__, index=, indexpvt=, control=, inbox=/mail/__DOMAIN_COM__/__USER__, alt=
Apr 19 17:54:47 submission(__EMAIL__)<497> : Debug: smtp-server: conn __IP_ADDR_1__:31217 [0]: Connection created
Apr 19 17:54:47 submission(__EMAIL__)<497> : Debug: smtp-client: conn postfix.mail-server:25 [0]: Connection created
Apr 19 17:54:47 submission(__EMAIL__)<497> : Debug: smtp-client: conn postfix.mail-server:25 [0]: Looking up IP address
Apr 19 17:54:47 submission(__EMAIL__)<497> : Debug: smtp-client: conn postfix.mail-server:25 [0]: DNS lookup successful; got 1 IPs
Apr 19 17:54:47 submission(__EMAIL__)<497> : Debug: smtp-client: conn postfix.mail-server:25 [0]: Connecting to 10.104.211.161:25
Apr 19 17:54:47 submission(__EMAIL__)<497> : Debug: smtp-client: conn postfix.mail-server:25 [0]: Connected
Apr 19 17:54:57 submission(__EMAIL__)<497> : Debug: smtp-client: conn postfix.mail-server:25 [0]: Received greeting from server: 421 4.3.2 No system resources
Apr 19 17:54:57 submission(__EMAIL__)<497> : Debug: smtp-client: conn postfix.mail-server:25 [0]: Connection failed: 421 4.3.2 No system resources
Apr 19 17:54:57 submission(__EMAIL__)<497> : Error: Failed to establish relay connection: 421 4.3.2 No system resources
Apr 19 17:54:57 submission(__EMAIL__)<497> : Debug: smtp-client: conn postfix.mail-server:25 [0]: Disconnected
Apr 19 17:54:57 submission(__EMAIL__)<497> : Info: Disconnect from __IP_ADDR_1__: Failed to establish relay connection in=0 out=22 (state=GREETING)
Apr 19 17:54:57 submission(__EMAIL__)<497> : Debug: smtp-server: conn __IP_ADDR_1__:31217 [0]: Disconnected: Failed to establish relay connection
Postfix Logs:
postfix/postscreen[525]: warning: haproxy read: time limit exceeded
If anybody could help out, I'd be grateful because I just can't see what the problem is.
Chris
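
An added sketch (not from the thread, and not Postfix or Dovecot code) of the failure the logs above show: a listener that requires a PROXY protocol v1 header is contacted once by a peer that sends the header first and once by a peer that, like an SMTP client, sends nothing and waits for the banner. The toy listener, the 0.2 s timeout, the 192.0.2.x addresses and the 220 text are assumptions; only the TCP4/TCP6 form of the v1 header is parsed.

```python
import socket

MAX_V1_LEN = 107  # PROXY v1 header line is at most 107 bytes including CRLF


def parse_proxy_v1(line: bytes) -> dict:
    """Parse one PROXY protocol v1 header line, e.g. as sent by nginx."""
    if len(line) > MAX_V1_LEN or not line.endswith(b"\r\n"):
        raise ValueError("not a complete PROXY v1 line")
    parts = line[:-2].decode("ascii").split(" ")
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    family = socket.AF_INET if parts[1] == "TCP4" else socket.AF_INET6
    for addr in parts[2:4]:
        socket.inet_pton(family, addr)  # OSError on a bad address
    sport, dport = int(parts[4]), int(parts[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return {"src": (parts[2], sport), "dst": (parts[3], dport)}


def proxy_listener_greeting(conn: socket.socket, timeout: float) -> bytes:
    """Toy listener that insists on a PROXY header before it speaks SMTP."""
    conn.settimeout(timeout)
    buf = b""
    try:
        while not buf.endswith(b"\r\n") and len(buf) < MAX_V1_LEN:
            chunk = conn.recv(1)  # a peer that waits for our banner sends nothing
            if not chunk:
                break
            buf += chunk
        src = parse_proxy_v1(buf)["src"][0]
    except (OSError, ValueError):  # timeout, bad address, or no valid header
        return b"421 4.3.2 No system resources\r\n"
    return b"220 ready, real client is " + src.encode() + b"\r\n"


def demo(timeout: float = 0.2) -> dict:
    """Constructed peers: one sends the header first, one waits like an SMTP client."""
    peers = {"proxy": b"PROXY TCP4 192.0.2.10 192.0.2.1 31217 25\r\n", "relay": b""}
    results = {}
    for name, first_bytes in peers.items():
        client, server = socket.socketpair()
        with client, server:
            client.sendall(first_bytes)
            results[name] = proxy_listener_greeting(server, timeout)
    return results
```

The "relay" peer gets the 421 reply only after the read timeout expires, which matches the ten seconds between "Connected" and the 421 greeting in the Dovecot log with postscreen_upstream_proxy_timeout = 10s.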