I am trying to balance Postfix on port 465 with SSL pass-through.
- It seems Postfix identifies the protocol, because no header error occurs
- It seems Postfix does the handshake correctly and connects
- But later, nothing; after a few seconds it times out and disconnects
HAProxy works fine, because I have no problems with Dovecot IMAP and POP on 993 and 995; it works fine with HAProxy
Can you help me? I’m lost and I do not know how to solve it
Error log
mx1 postfix/postscreen[22743]: CONNECT from [x.x.x.x]:53722 to [x.x.x.x]:465
mx1 postfix/postscreen[22743]: PREGREET 517 after 0 from [x.x.x.x]:53722: \026\003\001\002\000\001\000\001\374\003\003\366/r\036\304\340Cp\b\020+a58\335\260@\211|\315Tj&\035]
mx1 postfix/smtpd[22744]: timeout after CONNECT from x.red-x-x-x.staticip.rima-tde.net[x.x.x.x]
haproxy config
frontend ft_smtp
    bind :465
    mode tcp
    timeout client 1m
    log global
    option tcplog
    default_backend bk_postfix
backend bk_postfix
    mode tcp
    log global
    option http-keep-alive # added
    timeout server 1m
    timeout connect 5s
    server mx1 hostname:10465 send-proxy
    #server mx2 hostname:10465 send-proxy
Postfix config
master.cf
10465 inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
main.cf
postscreen_upstream_proxy_protocol = haproxy
Other configuration similar result
I tried removing the main.cf setting and setting it in master.cf instead; similar error, but
smtps inet n - - - - smtpd
…
-o smtpd_upstream_proxy_protocol=haproxy
The resulting log seems to be better:
postfix/postscreen[22981]: CONNECT from [y.y.y.y]:39922 to [z.z.z.z]:10465
postfix/postscreen[22981]: PREGREET 50 after 0 from [y.y.y.y]:39922: PROXY TCP4 j.j.j.j k.k.k.k 53804 465\r\n
mx1 postfix/smtpd[22982]: warning: hostname ec2-y-y-y-y.eu-west-1.compute.amazonaws.com does not resolve to address y.y.y.y
postfix/smtpd[22982]: connect from unknown[y.y.y.y]
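
An added example, not part of the original post: a small Python helper that decodes the escaped payload of postscreen PREGREET lines like the two above and reports what the client side sent before the SMTP greeting (a TLS handshake record or a PROXY protocol v1 header). The function names and the sample lines are constructed for illustration; the first sample's payload is a shortened copy of the one in the post.

```python
import re

# Constructed samples based on the two PREGREET lines in the post (first payload shortened).
SAMPLE_LINES = [
    r"postfix/postscreen[22743]: PREGREET 517 after 0 from [x.x.x.x]:53722: "
    r"\026\003\001\002\000\001\000\001\374\003\003\366/r\036\304\340Cp\b\020+a58",
    r"postfix/postscreen[22981]: PREGREET 50 after 0 from [y.y.y.y]:39922: "
    r"PROXY TCP4 j.j.j.j k.k.k.k 53804 465\r\n",
]
C_ESCAPES = {"a": 7, "b": 8, "t": 9, "n": 10, "v": 11, "f": 12, "r": 13, "\\": 92}
TOKEN = re.compile(r"\\([0-3][0-7]{2})|\\([abtnvfr\\])|(.)", re.S)
PREGREET = re.compile(r"PREGREET (\d+) after \S+ from \[[^\]]*\]:\d+: (.*)$")

def unescape(text):
    """Turn the \\ooo octal and C-style escapes in the log back into raw bytes."""
    out = bytearray()
    for octal, c_esc, literal in TOKEN.findall(text):
        if octal:
            out.append(int(octal, 8))
        elif c_esc:
            out.append(C_ESCAPES[c_esc])
        else:
            out += literal.encode("latin-1", "replace")
    return bytes(out)

def classify(payload):
    """Name the protocol the client spoke before the SMTP greeting."""
    if len(payload) >= 5 and payload[0] == 0x16 and payload[1] == 0x03:
        # TLS record header: type 0x16 (handshake), 2-byte version, 2-byte length.
        return "tls-handshake", {"record_len": int.from_bytes(payload[3:5], "big")}
    if payload.startswith(b"PROXY "):
        fields = payload.split(b"\r\n", 1)[0].decode("ascii", "replace").split(" ")
        keys = ("proto", "src", "dst", "sport", "dport")
        return "proxy-v1", dict(zip(keys, fields[1:6]))
    return "other", {}

def diagnose(line):
    """Return (logged_byte_count, kind, details), or None if not a PREGREET line."""
    m = PREGREET.search(line)
    if not m:
        return None
    kind, info = classify(unescape(m.group(2)))
    return int(m.group(1)), kind, info

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(diagnose(sample))
```

For the first log line, the decoded TLS record length (512) plus the 5-byte record header equals the 517 bytes that postscreen reports.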