ERROR smtpserver: Socket to hostname (x.x.x.x) closed remotely. java.net.SocketException: Connection reset

rannick · March 30, 2020, 12:55pm

Haproxy smtpchk is flooding errors in smtpservers.log. The option “option smtpchk” in the (haproxy.cfg) SMTP backend is causing the below error at every check.

ERROR smtpserver: Socket to hostname (x.x.x.x) closed remotely.
java.net.SocketException: Connection reset
at java.base/java.net.SocketInputStream.read(Unknown Source)
at java.base/java.net.SocketInputStream.read(Unknown Source)
at java.base/java.io.BufferedInputStream.fill(Unknown Source)
at java.base/java.io.BufferedInputStream.read(Unknown Source)
at org.apache.james.util.CRLFTerminatedReader.read(CRLFTerminatedReader.java:153)
at org.apache.james.util.CRLFTerminatedReader.readLine(CRLFTerminatedReader.java:113)
at org.apache.james.smtpserver.SMTPHandler.readCommandLine(SMTPHandler.java:751)
at org.apache.james.smtpserver.SMTPHandler.handleConnection(SMTPHandler.java:372)
at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:432)
at org.apache.excalibur.thread.impl.ExecutableRunnable.execute(ExecutableRunnable.java:55)
at org.apache.excalibur.thread.impl.WorkerThread.run(WorkerThread.java:116)

After removing the smtpchk then the error disappears. Any ideas? I have even tried setting the correct domain for SMTP in the option smtpchk on haproxy.config file but its not working.

rannick · April 20, 2020, 2:12pm

@lukastribus Any help would be appreciated?

Sambhaji · November 30, 2022, 5:10am

I’m not entirely sure but one of my customers was having the same problem so I suggested they can check the ports and they found it was due to the port.

lukastribus · November 30, 2022, 8:52am

A fix has been committed and the next release will contain it:

github.com/haproxy/haproxy

smtpchk option does not send a QUIT resulting in thousands of Remote(SocketError) log messages per day on Exchange servers

opened 07:43PM - 03 Aug 22 UTC

closed 05:11PM - 25 Oct 22 UTC

wrightlaw

type: bug status: fixed

### Detailed Description of the Problem When using smtpchk for SMTP service che…cks, HAProxy does not send a QUIT at the end of the transaction and simply drops the TCP connection. This results in Microsoft Exchange (in our case) recording thousands of Remote(SocketError) log messages per day as it sees each HAProxy service check as a failed connection. ### Expected Behavior HAProxy should cleanly terminate the transaction with a QUIT after the test. ### Steps to Reproduce the Behavior Configure an SMTP backend with smtpchk service checking and point to a Microsoft Exchange server Monitor Exchange SMTP Receive Log for Remote(SocketError) messages ### Do you have any idea what may have caused this? No code exists to send a QUIT command to SMTP target ### Do you have an idea how to solve the issue? Believe src/tcpcheck.c needs updating with appropriate code to send a QUIT before closing the TCP connection ### What is your configuration? ```haproxy global maxconn 1048576 stats socket /var/run/haproxy.stat mode 600 level admin log 127.0.0.1:514 local2 chroot /var/empty pidfile /var/run/haproxy.pid user haproxy group haproxy stats socket /var/lib/haproxy/stats resolvers dns parse-resolv-conf timeout retry 10s timeout resolve 10s hold valid 10s hold nx 10s hold other 10s hold obsolete 10s accepted_payload_size 8192 defaults mode tcp log global maxconn 256000 timeout connect 5000ms timeout client 5m timeout server 5m default-server on-marked-down shutdown-sessions init-addr last,none resolve-opts allow-dup-ip option tcplog backend exch-smtp-25-be description Service ID XX exch-smtp backend mode tcp option smtpchk HELO xxxxxx.xxxxxxx.xxxxxxx.xxxxxx balance leastconn server xxxxxx.xxxxxxx.xxxxxxx.xxxxxx_25 xxxxxx.xxxxxxx.xxxxxxx.xxxxxx:25 check resolvers dns fall 6 server xxxxxx.xxxxxxx.xxxxxxx.xxxxxx_25 xxxxxx.xxxxxxx.xxxxxxx.xxxxxx:25 check resolvers dns fall 6 server xxxxxx.xxxxxxx.xxxxxxx.xxxxxx_25 xxxxxx.xxxxxxx.xxxxxxx.xxxxxx:25 check resolvers dns fall 6 server xxxxxx.xxxxxxx.xxxxxxx.xxxxxx_25 xxxxxx.xxxxxxx.xxxxxxx.xxxxxx:25 check resolvers dns fall 6 server xxxxxx.xxxxxxx.xxxxxxx.xxxxxx_25 xxxxxx.xxxxxxx.xxxxxxx.xxxxxx:25 check resolvers dns fall 6 server xxxxxx.xxxxxxx.xxxxxxx.xxxxxx_25 xxxxxx.xxxxxxx.xxxxxxx.xxxxxx:25 check resolvers dns fall 6 ``` ### Output of `haproxy -vv` ```plain HAProxy version 2.4.2-553dee3 2021/07/07 - https://haproxy.org/ Status: long-term supported branch - will stop receiving fixes around Q2 2026. Known bugs: http://www.haproxy.org/bugs/bugs-2.4.2.html Running on: Linux 3.10.0-1160.71.1.el7.x86_64 #1 SMP Tue Jun 28 15:37:28 UTC 2022 x86_64 Build options : TARGET = linux-glibc CPU = generic CC = cc CFLAGS = -O2 -g -Wall -Wextra -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_THREAD=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_ZLIB=1 USE_TFO=1 USE_NS=1 USE_SYSTEMD=1 DEBUG = Feature list : +EPOLL -KQUEUE +NETFILTER +PCRE +PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED +BACKTRACE -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H +GETADDRINFO +OPENSSL -LUA +FUTEX +ACCEPT4 -CLOSEFROM +ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL +SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS -OT -QUIC -PROMEX -MEMORY_PROFILING Default settings : bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with multi-threading support (MAX_THREADS=64, default=2). Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017 Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 Built with network namespace support. Built with zlib version : 1.2.7 Running on zlib version : 1.2.7 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with PCRE version : 8.32 2012-11-30 Running on PCRE version : 8.32 2012-11-30 PCRE library supports JIT : yes Encrypted password support via crypt(3): yes Built with gcc compiler version 4.8.5 20150623 (Red Hat 4.8.5-44) Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available multiplexer protocols : (protocols marked as <default> cannot be specified using 'proto' keyword) h2 : mode=HTTP side=FE|BE mux=H2 flags=HTX|CLEAN_ABRT|HOL_RISK|NO_UPG fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG <default> : mode=HTTP side=FE|BE mux=H1 flags=HTX h1 : mode=HTTP side=FE|BE mux=H1 flags=HTX|NO_UPG <default> : mode=TCP side=FE|BE mux=PASS flags= none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG Available services : none Available filters : [SPOE] spoe [CACHE] cache [FCGI] fcgi-app [COMP] compression [TRACE] trace ``` ### Last Outputs and Backtraces _No response_ ### Additional Information _No response_

Topic		Replies	Views
[solved] cluster resolver dns not running on HA-Proxy v.1.5.18 Help!	10	1606	April 9, 2018
Haproxy causes "Communications link failure" with JDBC and MySQL Help!	12	4797	March 6, 2017
POST Issues - Error 500 return Help!	4	985	October 12, 2020
(Host is unreachable) What's that mean? Help!	2	461	October 20, 2021
'server www' : could not resolve address 'www' Help!	5	3303	October 30, 2017

ERROR smtpserver: Socket to hostname (x.x.x.x) closed remotely. java.net.SocketException: Connection reset

Related Topics