I am trying to setup haproxy in front of 2 CentOS 7 cPanel servers with SSL termination. I have hit the following problem with the cPanel provided Exim package.
It seems like the Exim version provided with cPanel is not built with the option enabled for “PROXY” support.
I am concerned that there maybe nothing I can do to get this working. Exim does not seem to accept the authentication or commands sent by the proxy. I tried with the haproxy backend config enabled for proxy-support and no proxy-support.
Is the build option “PROXY” really required for Exim to function behind haproxy? Is there any workaround anyone can think of? I would prefer not to mess with cPanel RPMs or swap out cPanel entirely but there may be no choice.
Somebody suggested using nginx in this case but it adds a lot of complications for authentication etc and I am thinking there will still be issues if Exim is not proxy aware.
Thanks to anyone who can provide a bit of info or ideas.
Best regards,
I forgot to mention this was originally built on CentOS 7 and it works perfectly. Here is the Exim version details of both setups:
On a CentOS 7 server (no cPanel):
[root@mailsrv ~]# exim --version
Exim version 4.92.3 #3 built 30-Sep-2019 11:50:17
Copyright © University of Cambridge, 1995 - 2018
© The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc OpenSSL Content_Scanning DANE DKIM DNSSEC Event OCSP PRDR PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm nis nis0 nisplus passwd sqlite
Authenticators: cram_md5 cyrus_sasl dovecot gsasl plaintext spa tls
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /etc/exim/exim.conf
On a CentOS 7 server with cPanel:
[root@mail1 ~]# exim --version
Exim version 4.93 #2 built 23-Dec-2019 18:18:10
Copyright © University of Cambridge, 1995 - 2018
© The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
Support for: crypteq iconv() IPv6 PAM Perl OpenSSL Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PRDR SPF Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb passwd
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Configure owner: 0:0
Size of off_t: 8
2020-02-13 16:00:54 cwd=/root 2 args: exim --version
Configuration file is /etc/exim.conf
If you configure haproxy to enable the proxy protocol towards the backend, your backend needs to support it, yes, there is no way around.