HAProxy community

Pool of erros in smtpserver log because of option smtpchk in haproxy.cfg

Config:

backend smtp-backend-mail
# Layer 4 based load balancing
mode tcp
option smtpchk

Error:

smtpserver.log

ERROR smtpserver: Socket to hostname closed remotely.
java.net.SocketException: Connection reset

haproxy.log

31 03:31:03 localhost haproxy[13975]: IP:60416 [31/Mar/2020:03:31:03.627] https/2: Connection closed during SSL handshake
Mar 31 03:31:03 localhost haproxy[30585]: http http/ -1/-1/-1/-1/+0 400 +187 - - CR-- 0/0/0/0/0 0/0 “”
Mar 31 03:32:03 localhost haproxy[30585]: https/2: Connection closed during SSL handshake
Mar 31 03:32:03 localhost haproxy[13975]: http http/ -1/-1/-1/-1/+0 400 +187 - - CR-- 0/0/0/0/0 0/0 “”

Do you have a frontend defined for SMTP that’s bound to one or more standard ports?
You don’t appear to have any servers defined in your backend, so it appears haproxy is connecting to localhost on one of the webservice ports by default. As you can’t talk SMTP to a web server, that won’t work.

Thanks for the reply. Error is coming because of the option smtpchk (server health check). I even did add correct domain (option smtpchk HELO domain). Is this health check necessary? below is the frontend and backend config for SMTP

frontend smtp
    bind 127.0.0.1:25
    bind HAProxy_Server_IP:25

    mode tcp

    # Route all traffic to our backend
    default_backend smtp-backend-mail

    log global
    option tcplog
    option logasap

backend smtp-backend-mail
    # Layer 4 based load balancing
    mode tcp
    option smtpchk HELO HAProxy_Server_IP

    # IP stickyness
    balance source
    hash-type consistent   
    stick-table type ip size 20k
    stick on src

    server APP_Hostname APP_IP:25 check on-marked-down shutdown-sessions

There more configurations defined I only posted backend smtp. How to overcome this? @nlindq

The problem isn’t with the smtpchk (although the option after HELO is just for what to announce during the SMTP conversation), it’s with your server configuration.

You only seem to have one SMTP server defined (APP_Hostname); what problem are you trying to solve with HAProxy?

I’d note that for SMTP, I’ve found the frontend/backend configuration excessively cumbersome as it’s generally pretty simple.

You could likely simplify. Here’s mine, for eg:

listen smtp
    mode tcp
    bind *:25
    balance roundrobin
    option tcplog
    option smtpchk HELO [host.name]
    server [server1] [serverip]:25 check
    server [server2] [server2ip]:25 check

@nlindq Tried your way of simple configuration for smtp server but the error is still coming. Is it because of network connection? Error is coming randomly.

Can you answer this part of my question?

You only seem to have one SMTP server defined (APP_Hostname); what problem are you trying to solve with HAProxy?

Please post the smtp portion of your configuration, obfuscating as desired.

Main purpose of HAproxy here is used as a Proxy Server. Is the error because of connectivity between server?

Please post the smtp portion of your configuration, obfuscating as desired.

@nlindq I did that already. Check above for configuration of SMTP frontend and backend. And proxy is sending [RST, ACK] instead of closing properly the connection after having received the answer to the “HELO localhost” command.

tcpdump: I think HA-proxy server is the one resetting the connection. (10:09:59.551109 IP HAProxy_SERVER.38910 > APP_Server.smtp: Flags [R], seq 951036460, win 0, length 0)

Your configuration includes

option smtpchk HELO HAProxy_Server_IP

so I’m curious as to why you’d see a HELO localhost in your tcpdump.

Since you only have one SMTP server, I see no point in the load balancing config items you’ve included. Have you tried removing them?

HELO localhost This was before adding HELO HAProxy_Server_IP. As I said earlier this setup is for using it as a proxy server.

The (optional) parameter after the HELO is only used to tell the smtpchk what to announce as part of the SMTP greeting.

I’m starting to think we have different concepts of proxy server in this context.

Please describe your intended flow of SMTP traffic.

@nlindq SMTP server (i.e app server) infront that HAproxy server as proxy server. Email send and receive functionality is working fine. It’s just this error in log file.

I ran tcpdump on Haproxy setup.

HAProxy_Server_IP > App_Server_IP.smtp: Flags [R], seq 951036460, win 0, length 0

What about that Haproxy sending R flag. Is this connection reset thing is expected behaviour if we enable haproxy health checks?