HAProxy community

Problem after handshake postfix 465

I try to balance port 465 postfix with ssl pass-throught.

  • Seems postfix identify the protocol because no header error occurrs
  • Seems postfix do the handshake correctly and connect
  • But later, nothing, after a few seconds timeout and disconnect

Haproxy works fine because I have no problems with dovecot imap and pop 993 and 995, it works fine with haproxy

You can help me I’m lost and I do not know how to solve it

Error log
mx1 postfix/postscreen[22743]: CONNECT from [x.x.x.x]:53722 to [x.x.x.x]:465
mx1 postfix/postscreen[22743]: PREGREET 517 after 0 from [x.x.x.x]:53722: \026\003\001\002\000\001\000\001\374\003\003\366/r\036\304\340Cp\b\020+a58\335\260@\211|\315Tj&\035]
mx1 postfix/smtpd[22744]: timeout after CONNECT from x.red-x-x-x.staticip.rima-tde.net[x.x.x.x]

haproxy config

frontend ft_smtp
bind :465
mode tcp
timeout client 1m
log global
option tcplog
default_backend bk_postfix

backend bk_postfix
mode tcp
log global
option http-keep-alive #afegit
timeout server 1m
timeout connect 5s
server mx1 hostname:10465 send-proxy
#server mx2 hostname:10465 send-proxy

Postfix config
master.cf
10465 inet n - n - 1 postscreen
smtpd pass - - n - - smtpd

main.cf
postscreen_upstream_proxy_protocol = haproxy

Other configuration similar result

I try removing main.cf setting and set it to master.conf, similar error but
smtps inet n - - - - smtpd

-o smtpd_upstream_proxy_protocol=haproxy

The result log, it seems to be better:

postfix/postscreen[22981]: CONNECT from [y.y.y.y]:39922 to [z.z.z.z]:10465
postfix/postscreen[22981]: PREGREET 50 after 0 from [y.y.y.y]:39922: PROXY TCP4 j.j.j.j k.k.k.k 53804 465\r\n
mx1 postfix/smtpd[22982]: warning: hostname ec2-y-y-y-y.eu-west-1.compute.amazonaws.com does not resolve to address y.y.y.y
postfix/smtpd[22982]: connect from unknown[y.y.y.y]