Hi,
I want to make imap/pop3/smtp proxy communication to the mail server.
I can’t do it with the current configuration. see below config
when trying to connect the email client, I receive information:
The IMAP server does not support the selected authentication method. Please change 'Authentication method' in the account settings email client
I tried various combinations, but I could not connect the client even with one of them. If I connect the client outside of HAproxy to the mail server, it works for me.
config:
global
log stdout format raw local0 debug
log 127.0.0.1:514 local0
log 127.0.0.1:514 local1 info
log 127.0.0.1:514 local2 notice
maxconn 100000
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /var/run/haproxy.stat
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
tune.ssl.default-dh-param 2048
defaults
mode http
log global
option httplog
option dontlognull
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 15m
timeout server 15m
timeout http-keep-alive 10s
timeout check 10s
listen ststs
bind *:444 ssl crt /certs/ssl-bundle.pem
mode http
stats enable
stats refresh 600s
stats show-legends
stats show-node
stats hide-version
stats uri /stats
frontend fe_exchange_smtp
mode tcp
option tcplog
bind *:465 name smtp ssl crt /certs/ssl-bundle.pem
default_backend be_exchange_smtp
backend be_exchange_smtp
mode tcp
balance roundrobin
option log-health-checks
server exchange1 server1:25 weight 10 check
server exchange2 server2:25 weight 20 check
frontend fe_exchange_pop3
mode tcp
option tcplog
bind *:995 name pop3 ssl crt /certs/ssl-bundle.pem
default_backend be_exchange_pop3
backend be_exchange_pop3
mode tcp
balance leastconn
option log-health-checks
server exchange1 server1:110 weight 10 check
server exchange2 server2:110 weight 20 check
frontend fe_exchange_imaps
mode tcp
log global
option tcplog
bind *:993 name imaps ssl crt /certs/ssl-bundle.pem
default_backend be_exchange_imaps
backend be_exchange_imaps
mode tcp
log global
balance leastconn
option log-health-checks
server exchange1 server1:143 weight 10 check
server exchange2 server2:143 weight 20 check
in log stdout I see this
00000010:fe_exchange_imaps.accept(0007)=000e from [client:57732] ALPN=<none>
00000011:fe_exchange_imaps.accept(0007)=0011 from [client:57733] ALPN=<none>
00000010:be_exchange_imaps.srvcls[000e:adfd]
00000010:be_exchange_imaps.clicls[000e:adfd]
00000010:be_exchange_imaps.closed[000e:adfd]
client:57732 [05/Jun/2024:09:31:48.448] fe_exchange_imaps~ be_exchange_imaps/exchange1 10/1/211 176 -- 2/2/1/0/0 0/0
00000011:be_exchange_imaps.srvcls[0011:adfd]
00000011:be_exchange_imaps.clicls[0011:adfd]
00000011:be_exchange_imaps.closed[0011:adfd]
client:57733 [05/Jun/2024:09:31:48.449] fe_exchange_imaps~ be_exchange_imaps/exchange2 15/1/211 176 -- 1/1/0/0/0 0/0
00000012:fe_exchange_imaps.accept(0007)=000e from [client:57734] ALPN=<none>
00000013:fe_exchange_imaps.accept(0007)=0011 from [client:57735] ALPN=<none>
Thanx for Helping