On 20/8/2015 11:09 μμ, Nikolaos Milas wrote:
As soon as I manage to re-build Dovecot with the latest snapshot, I'll test it!
Hello,
I've built dovecot with a today snapshot from hg (dovecot-2-2-9f815e781beb) and I am trying to enable haproxy.
I configured as follows (lines added compared to initial config are marked with +):
+ haproxy_trusted_networks = 62.217.xxx.xxx/29, 2001:648:xxx:xxx::/64
service auth {
+ inet_listener {
+ haproxy = yes
+ }
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
group = vmail
mode = 0660
user = vmail
}
user = root
}
service imap-login {
service_count = 1
vsz_limit = 128 M
}
service pop3-login {
service_count = 1
vsz_limit = 128 M
}
Dovecot starts OK and accepts connections successfully as usual, but when I add the 'send-proxy' directive on haproxy server nodes (in haproxy.cfg), clients cannot login.
With pop3s, imaps, I get errors of the form:
Aug 21 13:30:04 vdev dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip={haproxy-server-ip-address}, lip={local-dovecot-server-ip-address}, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<m1tAwM8dDQA+2XwE> Aug 21 13:30:14 vdev dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip={haproxy-server-ip-address}, lip={local-dovecot-server-ip-address}, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<PCjXwM8degA+2XwE> Aug 21 13:30:15 vdev dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip={haproxy-server-ip-address}, lip={local-dovecot-server-ip-address}, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<MeTtwM8dfAA+2XwE>
With pop3, imap, I get failed auth messages:
Aug 21 14:18:12 vdev dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 14 secs): user=<tester>, method=PLAIN, rip=62.217.124.4, lip=195.251.204.232, session=<h2yOa9AdKQA+2XwE>
Aug 21 14:20:33 vdev dovecot: auth: plain(?,{haproxy-server-ip-address},<r2/KdNAdYQA+2XwE>): Invalid base64 data in continued response Aug 21 14:20:38 vdev dovecot: auth: plain(?,{haproxy-server-ip-address},<f8AZddAdZwA+2XwE>): Invalid base64 data in continued response Aug 21 14:20:38 vdev dovecot: imap-login: Disconnected (auth failed, 1 attempts in 0 secs): user=<>, method=PLAIN, rip={haproxy-server-ip-address}, lip={local-dovecot-server-ip-address}, session=<f8AZddAdZwA+2XwE>
Note: I have replaced real IP addresses with {haproxy-server-ip-address} and {local-dovecot-server-ip-address}.
Should I configure things differently?
Please advise.
Thanks, Nick