PROXY protocol

Nikolaos Milas nmilas at noa.gr
Fri Aug 21 11:31:33 UTC 2015


On 20/8/2015 11:09 PM, Nikolaos Milas wrote:

> As soon as I manage to re-build Dovecot with the latest snapshot, I'll 
> test it! 

Hello,

I've built Dovecot with today's snapshot from hg 
(dovecot-2-2-9f815e781beb) and I am trying to enable haproxy.

I configured as follows (lines added compared to initial config are 
marked with +):

    + haproxy_trusted_networks = 62.217.xxx.xxx/29, 2001:648:xxx:xxx::/64

    service auth {
    +  inet_listener {
    +    haproxy = yes
    +  }
       unix_listener /var/spool/postfix/private/auth {
         group = postfix
         mode = 0660
         user = postfix
       }
       unix_listener auth-master {
         group = vmail
         mode = 0660
         user = vmail
       }
       user = root
    }

    service imap-login {
       service_count = 1
       vsz_limit = 128 M
    }

    service pop3-login {
       service_count = 1
       vsz_limit = 128 M
    }

Dovecot starts OK and accepts connections successfully as usual, but 
when I add the 'send-proxy' directive on haproxy server nodes (in 
haproxy.cfg), clients cannot log in.

With pop3s, imaps, I get errors of the form:

    Aug 21 13:30:04 vdev dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip={haproxy-server-ip-address}, lip={local-dovecot-server-ip-address}, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<m1tAwM8dDQA+2XwE>
    Aug 21 13:30:14 vdev dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip={haproxy-server-ip-address}, lip={local-dovecot-server-ip-address}, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<PCjXwM8degA+2XwE>
    Aug 21 13:30:15 vdev dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip={haproxy-server-ip-address}, lip={local-dovecot-server-ip-address}, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<MeTtwM8dfAA+2XwE>

With pop3, imap, I get failed auth messages:

    Aug 21 14:18:12 vdev dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 14 secs): user=<tester>, method=PLAIN, rip=62.217.124.4, lip=195.251.204.232, session=<h2yOa9AdKQA+2XwE>

    Aug 21 14:20:33 vdev dovecot: auth: plain(?,{haproxy-server-ip-address},<r2/KdNAdYQA+2XwE>): Invalid base64 data in continued response
    Aug 21 14:20:38 vdev dovecot: auth: plain(?,{haproxy-server-ip-address},<f8AZddAdZwA+2XwE>): Invalid base64 data in continued response
    Aug 21 14:20:38 vdev dovecot: imap-login: Disconnected (auth failed, 1 attempts in 0 secs): user=<>, method=PLAIN, rip={haproxy-server-ip-address}, lip={local-dovecot-server-ip-address}, session=<f8AZddAdZwA+2XwE>

Note: I have replaced real IP addresses with {haproxy-server-ip-address} 
and {local-dovecot-server-ip-address}.

Should I configure things differently?

Please advise.

Thanks,
Nick
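
As an added illustration (not part of the original post, and not Dovecot's or HAProxy's code): with `send-proxy`, HAProxy prepends a PROXY protocol v1 text line to each backend connection, ahead of the client's first bytes. The sketch below shows how a listener that expects that header separates it from the TLS or IMAP/POP3 stream and accepts it only from a trusted network; the function names, the sample bytes and the documentation-range addresses are assumptions constructed for the example.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not taken from the post.
TRUSTED = [ipaddress.ip_network("192.0.2.0/29"), ipaddress.ip_network("2001:db8:1::/64")]
SAMPLE = b"PROXY TCP4 198.51.100.7 203.0.113.10 51234 993\r\n\x16\x03\x01\x00\x05hello"
MAX_V1_LEN = 107  # longest possible v1 header, CRLF included (PROXY protocol spec)


def peer_is_trusted(peer_ip, networks=TRUSTED):
    """True when the TCP peer may supply a PROXY header (role of a trusted-networks list)."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in networks)  # differing IP versions compare False


def parse_proxy_v1(data):
    """Split a v1 header off the front of `data`; return (info, remaining_bytes)."""
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("no PROXY v1 header at start of stream")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]  # first bytes of the real client stream (TLS, IMAP, POP3)
    if fields[1] == "UNKNOWN":  # proxy could not supply addresses
        return None, rest
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    want = 4 if fields[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family mismatch")
    sport, dport = int(fields[4]), int(fields[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return {"rip": str(src), "lip": str(dst), "rport": sport, "lport": dport}, rest


def accept_stream(peer_ip, first_bytes):
    """What a PROXY-aware listener does before handing bytes to TLS or IMAP/POP3."""
    if not peer_is_trusted(peer_ip):
        raise PermissionError("PROXY header from untrusted peer")
    return parse_proxy_v1(first_bytes)
```

A listener that is not expecting the header hands the `PROXY ...` line straight to its TLS or mail-protocol parser, which sees it as unrecognised protocol data.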
