postfix sasl -> haproxy -> dovecot auth
Edgaras Lukoševičius
edgaras.lukosevicius at gmail.com
Fri Mar 27 11:21:15 UTC 2015
Hello,
is it possible to configure configure haproxy to work with postfix sasl and dovecot auth like this:
clients -> 25:postfix -> 20025:haproxy -> 20025:auth-backend-1, 20025:auth-backend-2
The configuration I have now gives me this error randomly:
535 5.7.8 Error: authentication failed: Connection lost to authentication server
This is probably because haproxy change servers while session is still active (postfix sasl don’t establish new connection to auth service every time new auth request arrives)
Note that haproxy is between postfix and dovecot and is not facing clients directly, so there is no way to keep persistent connections by client ip.
# POSTFIX
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = inet:127.0.0.1:20025
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
# HAPROX
frontend postfix-sasl
bind 127.0.0.1:20025
default_backend dovecot-auth
backend dovecot-auth
mode tcp
option tcplog
option srvtcpka
hash-type consistent
balance roundrobin
server mail-backend-1 31.220.19.52:20025 check
server mail-backend-2 31.220.19.53:20025 check
More information about the dovecot
mailing list