Haproxy smtpchk is flooding errors in smtpservers.log. The option “option smtpchk” in the (haproxy.cfg) SMTP backend is causing the below error at every check.
```plain
ERROR smtpserver: Socket to hostname (x.x.x.x) closed remotely.
java.net.SocketException: Connection reset
    at java.base/java.net.SocketInputStream.read(Unknown Source)
    at java.base/java.net.SocketInputStream.read(Unknown Source)
    at java.base/java.io.BufferedInputStream.fill(Unknown Source)
    at java.base/java.io.BufferedInputStream.read(Unknown Source)
    at org.apache.james.util.CRLFTerminatedReader.read(CRLFTerminatedReader.java:153)
    at org.apache.james.util.CRLFTerminatedReader.readLine(CRLFTerminatedReader.java:113)
    at org.apache.james.smtpserver.SMTPHandler.readCommandLine(SMTPHandler.java:751)
    at org.apache.james.smtpserver.SMTPHandler.handleConnection(SMTPHandler.java:372)
    at org.apache.james.util.connection.ServerConnection$ClientConnectionRunner.run(ServerConnection.java:432)
    at org.apache.excalibur.thread.impl.ExecutableRunnable.execute(ExecutableRunnable.java:55)
    at org.apache.excalibur.thread.impl.WorkerThread.run(WorkerThread.java:116)
```
After removing the smtpchk, the error disappears. Any ideas? I have even tried setting the correct domain for SMTP in the option smtpchk in the haproxy.config file, but it's not working.
@lukastribus Any help would be appreciated?
I’m not entirely sure but one of my customers was having the same problem so I suggested they can check the ports and they found it was due to the port.
A fix has been committed and the next release will contain it:
opened 07:43PM - 03 Aug 22 UTC
closed 05:11PM - 25 Oct 22 UTC
type: bug
status: fixed
### Detailed Description of the Problem
When using smtpchk for SMTP service checks, HAProxy does not send a QUIT at the end of the transaction and simply drops the TCP connection. This results in Microsoft Exchange (in our case) recording thousands of Remote(SocketError) log messages per day as it sees each HAProxy service check as a failed connection.
### Expected Behavior
HAProxy should cleanly terminate the transaction with a QUIT after the test.
### Steps to Reproduce the Behavior
1. Configure an SMTP backend with smtpchk service checking and point to a Microsoft Exchange server
2. Monitor Exchange SMTP Receive Log for Remote(SocketError) messages
### Do you have any idea what may have caused this?
No code exists to send a QUIT command to SMTP target
### Do you have an idea how to solve the issue?
Believe src/tcpcheck.c needs updating with appropriate code to send a QUIT before closing the TCP connection
### What is your configuration?
```haproxy
global
    maxconn 1048576
    stats socket /var/run/haproxy.stat mode 600 level admin
    log 127.0.0.1:514 local2
    chroot /var/empty
    pidfile /var/run/haproxy.pid
    user haproxy
    group haproxy
    stats socket /var/lib/haproxy/stats

resolvers dns
    parse-resolv-conf
    timeout retry 10s
    timeout resolve 10s
    hold valid 10s
    hold nx 10s
    hold other 10s
    hold obsolete 10s
    accepted_payload_size 8192

defaults
    mode tcp
    log global
    maxconn 256000
    timeout connect 5000ms
    timeout client 5m
    timeout server 5m
    default-server on-marked-down shutdown-sessions init-addr last,none resolve-opts allow-dup-ip
    option tcplog

backend exch-smtp-25-be
    description Service ID XX exch-smtp backend
    mode tcp
    option smtpchk HELO xxxxxx.xxxxxxx.xxxxxxx.xxxxxx
    balance leastconn
    server xxxxxx.xxxxxxx.xxxxxxx.xxxxxx_25 xxxxxx.xxxxxxx.xxxxxxx.xxxxxx:25 check resolvers dns fall 6
    server xxxxxx.xxxxxxx.xxxxxxx.xxxxxx_25 xxxxxx.xxxxxxx.xxxxxxx.xxxxxx:25 check resolvers dns fall 6
    server xxxxxx.xxxxxxx.xxxxxxx.xxxxxx_25 xxxxxx.xxxxxxx.xxxxxxx.xxxxxx:25 check resolvers dns fall 6
    server xxxxxx.xxxxxxx.xxxxxxx.xxxxxx_25 xxxxxx.xxxxxxx.xxxxxxx.xxxxxx:25 check resolvers dns fall 6
    server xxxxxx.xxxxxxx.xxxxxxx.xxxxxx_25 xxxxxx.xxxxxxx.xxxxxxx.xxxxxx:25 check resolvers dns fall 6
    server xxxxxx.xxxxxxx.xxxxxxx.xxxxxx_25 xxxxxx.xxxxxxx.xxxxxxx.xxxxxx:25 check resolvers dns fall 6
```
```
### Output of `haproxy -vv`
```plain
HAProxy version 2.4.2-553dee3 2021/07/07 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2026.
Known bugs: http://www.haproxy.org/bugs/bugs-2.4.2.html
Running on: Linux 3.10.0-1160.71.1.el7.x86_64 #1 SMP Tue Jun 28 15:37:28 UTC 2022 x86_64
Build options :
TARGET = linux-glibc
CPU = generic
CC = cc
CFLAGS = -O2 -g -Wall -Wextra -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits
OPTIONS = USE_PCRE=1 USE_PCRE_JIT=1 USE_THREAD=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_ZLIB=1 USE_TFO=1 USE_NS=1 USE_SYSTEMD=1
DEBUG =
Feature list : +EPOLL -KQUEUE +NETFILTER +PCRE +PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED +BACKTRACE -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H +GETADDRINFO +OPENSSL -LUA +FUTEX +ACCEPT4 -CLOSEFROM +ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL +SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS -OT -QUIC -PROMEX -MEMORY_PROFILING
Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with multi-threading support (MAX_THREADS=64, default=2).
Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with network namespace support.
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with gcc compiler version 4.8.5 20150623 (Red Hat 4.8.5-44)
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
h2 : mode=HTTP side=FE|BE mux=H2 flags=HTX|CLEAN_ABRT|HOL_RISK|NO_UPG
fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG
<default> : mode=HTTP side=FE|BE mux=H1 flags=HTX
h1 : mode=HTTP side=FE|BE mux=H1 flags=HTX|NO_UPG
<default> : mode=TCP side=FE|BE mux=PASS flags=
none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG
Available services : none
Available filters :
[SPOE] spoe
[CACHE] cache
[FCGI] fcgi-app
[COMP] compression
[TRACE] trace
```
### Last Outputs and Backtraces
_No response_
### Additional Information
_No response_
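
The exchange the issue asks for, as an added example (not HAProxy's code and not posted in the thread): a Python health check that ends its SMTP session with QUIT, run beside one that drops the socket after HELO, against a constructed toy server that records how each session ended. `ToySMTP`, `smtp_check`, `demo` and the host names are hypothetical, and the abortive close assumes Linux's `struct linger` layout.

```python
import socket, socketserver, struct, threading
SESSIONS = []  # how each session ended, as seen by the toy server

class ToySMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in for an SMTP server: answers HELO and QUIT only."""
    def handle(self):
        self.wfile.write(b"220 toy.example ESMTP\r\n")
        outcome = "dropped without QUIT"   # the case James/Exchange log as an error
        try:
            for line in self.rfile:
                verb = line.strip().upper()[:4]
                if verb == b"QUIT":
                    self.wfile.write(b"221 closing\r\n")
                    outcome = "clean QUIT"
                    break
                self.wfile.write(b"250 ok\r\n" if verb == b"HELO" else b"500 ?\r\n")
        except OSError:
            pass                            # peer reset the connection
        SESSIONS.append(outcome)

def expect(reader, code):
    reply = reader.readline()
    if not reply.startswith(code):
        raise RuntimeError(f"unexpected SMTP reply: {reply!r}")

def smtp_check(addr, helo="lb.example", send_quit=True):
    """Health check: banner, HELO, then either QUIT or an abrupt close."""
    with socket.create_connection(addr, timeout=5) as s, s.makefile("rb") as r:
        expect(r, b"220")
        s.sendall(f"HELO {helo}\r\n".encode())
        expect(r, b"250")
        if send_quit:
            s.sendall(b"QUIT\r\n")
            expect(r, b"221")               # wait for the server's goodbye
        else:  # abortive close (RST), mimicking a checker that drops the socket
            s.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    return True

def demo():
    SESSIONS.clear()
    with socketserver.TCPServer(("127.0.0.1", 0), ToySMTP) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        smtp_check(srv.server_address, send_quit=False)
        smtp_check(srv.server_address, send_quit=True)
        srv.shutdown()                      # returns once the last handler is done
    return list(SESSIONS)

if __name__ == "__main__":
    print(demo())
```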