On 20/8/2015 11:09 PM, Nikolaos Milas wrote:
As soon as I manage to re-build Dovecot with the latest snapshot, I'll test it!
Hello,
I've built dovecot with today's snapshot from hg (dovecot-2-2-9f815e781beb) and I am trying to enable haproxy.
I configured as follows (lines added compared to initial config are marked with +):
+ haproxy_trusted_networks = 62.217.xxx.xxx/29, 2001:648:xxx:xxx::/64
  service auth {
+   inet_listener {
+     haproxy = yes
+   }
    unix_listener /var/spool/postfix/private/auth {
      group = postfix
      mode = 0660
      user = postfix
    }
    unix_listener auth-master {
      group = vmail
      mode = 0660
      user = vmail
    }
    user = root
  }
  service imap-login {
    service_count = 1
    vsz_limit = 128 M
  }
  service pop3-login {
    service_count = 1
    vsz_limit = 128 M
  }
Dovecot starts OK and accepts connections successfully as usual, but when I add the 'send-proxy' directive on haproxy server nodes (in haproxy.cfg), clients cannot log in.
With pop3s, imaps, I get errors of the form:
Aug 21 13:30:04 vdev dovecot: pop3-login: Disconnected (no auth attempts
in 0 secs): user=<>, rip={haproxy-server-ip-address},
lip={local-dovecot-server-ip-address}, TLS handshaking: SSL_accept()
failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol, session=
With pop3, imap, I get failed auth messages:
Aug 21 14:18:12 vdev dovecot: pop3-login: Disconnected (auth failed, 1
attempts in 14 secs): user=<tester>, method=PLAIN, rip=62.217.124.4,
lip=195.251.204.232, session=
Aug 21 14:20:33 vdev dovecot: auth:
plain(?,{haproxy-server-ip-address},
Note: I have replaced real IP addresses with {haproxy-server-ip-address} and {local-dovecot-server-ip-address}.
Should I configure things differently?
Please advise.
Thanks, Nick
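
Added example (not part of the original post, and not Dovecot's or HAProxy's code): with 'send-proxy', HAProxy prepends a PROXY protocol v1 text line to each backend connection, so the first bytes a listener reads are that line rather than the client's own first bytes (for pop3s/imaps, a TLS ClientHello). The Python below classifies those first bytes and accepts a v1 header only from a peer inside a trusted network list, the role haproxy_trusted_networks plays in the config above; the networks, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed placeholder networks (documentation ranges), standing in for
# the haproxy_trusted_networks value in the post.
TRUSTED = [ipaddress.ip_network(n) for n in ("192.0.2.0/29", "2001:db8::/64")]
V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY protocol v2 signature
# Constructed sample: v1 header followed by the start of a TLS record.
SAMPLE = b"PROXY TCP4 198.51.100.7 192.0.2.10 51234 995\r\n\x16\x03\x01\x00\x05hello"


def classify_preface(data):
    """Say what the first bytes of a new connection look like."""
    if data.startswith(b"PROXY "):
        return "proxy-v1"
    if data.startswith(V2_SIG):
        return "proxy-v2"
    # TLS record: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    return "other"


def parse_proxy_v1(data, peer_ip, trusted=TRUSTED):
    """Return (src_ip, src_port, rest) for a TCP4/TCP6 v1 header.

    Raises PermissionError if the peer is not a trusted proxy (otherwise any
    client could forge its source address), ValueError if malformed.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted):
        raise PermissionError("PROXY header from untrusted peer %s" % peer_ip)
    line, sep, rest = data.partition(b"\r\n")
    if not sep or len(line) > 105:  # v1 line is at most 107 bytes with CRLF
        raise ValueError("missing or oversized PROXY v1 line")
    parts = line.decode("ascii").split(" ")
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("unsupported PROXY v1 line")
    version = 4 if parts[1] == "TCP4" else 6
    src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
    if src.version != version or dst.version != version:
        raise ValueError("address family mismatch")
    sport, dport = int(parts[4]), int(parts[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return str(src), sport, rest
```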