Hello,
is it possible to configure configure haproxy to work with postfix sasl and dovecot auth like this:
clients -> 25:postfix -> 20025:haproxy -> 20025:auth-backend-1, 20025:auth-backend-2
The configuration I have now gives me this error randomly: 535 5.7.8 Error: authentication failed: Connection lost to authentication server
This is probably because haproxy change servers while session is still active (postfix sasl don’t establish new connection to auth service every time new auth request arrives)
Note that haproxy is between postfix and dovecot and is not facing clients directly, so there is no way to keep persistent connections by client ip.
# POSTFIX smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_exceptions_networks = smtpd_sasl_local_domain = smtpd_sasl_path = inet:127.0.0.1:20025 smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot
# HAPROX frontend postfix-sasl bind 127.0.0.1:20025 default_backend dovecot-auth
backend dovecot-auth mode tcp option tcplog option srvtcpka hash-type consistent
balance roundrobin
server mail-backend-1 31.220.19.52:20025 check
server mail-backend-2 31.220.19.53:20025 check