razertechDE
New Pleskian
Hello all,
we currently have the situation that we need to put our Plesk server behind a HAProxy.
Getting the "real IP" for the webserver was easy. But I am currently stuck with the Mail Service.
IMAP is already working, only the mail sending fails.
I have evaluated the logs and get the following message (/var/log/maillog):
Bash:
Jun 17 18:08:10 PLESK postfix/10465/smtpd[79552]: connect from pffffffd1.fip2.ipconnect.de[XX.XXX.XXX.XXX]
Jun 17 18:08:10 PLESK plesk_saslauthd[79553]: listen=6, status=5, dbpath='/plesk/passwd.db', keypath='/plesk/passwd_db_key', chroot=1, unprivileged=1
Jun 17 18:08:10 PLESK plesk_saslauthd[79553]: privileges set to (104:109) (effective 104:109)
Jun 17 18:08:20 PLESK postfix/10465/smtpd[79552]: fatal: no SASL authentication mechanisms
Jun 17 18:08:20 PLESK plesk_saslauthd[79553]: client unexpected error: client unexpectedly closed connection
Jun 17 18:08:21 PLESK postfix/master[79540]: warning: process /usr/lib/postfix/sbin/smtpd pid 79552 exit status 1
Jun 17 18:08:21 PLESK postfix/master[79540]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
Jun 17 18:08:51 PLESK plesk_saslauthd[79553]: select timeout, exiting
The corresponding services look as below (/etc/postfix/master.cf):
Bash:
192.168.X.XX:2525 inet n - - - 1 postscreen
  -o postscreen_upstream_proxy_protocol=haproxy
  -o postscreen_cache_map=btree:$data_directory/postscreen_2525_cache
  -o syslog_name=postfix/2525
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
smtpd pass - - y - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
192.168.X.XX:10587 inet n - n - - smtpd status=5 listen=6 dbpath=/plesk/passwd.db
  -o syslog_name=postfix/10587
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=/var/spool/postfix/private/plesk_saslauthd
  -o smtpd_upstream_proxy_protocol=haproxy
192.168.X.XX:10465 inet n - n - - smtpd
  -o syslog_name=postfix/10465
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=/var/spool/postfix/private/plesk_saslauthd
  -o smtpd_upstream_proxy_protocol=haproxy
And regarding the HAProxy Server, the configuration looks like this:
NGINX:
listen imap
    bind *:143
    mode tcp
    stick store-request src
    stick-table type ip size 200k expire 30m
    server plesk 192.168.X.XX:10143 send-proxy-v2

listen imaps
    bind *:993
    mode tcp
    stick store-request src
    stick-table type ip size 200k expire 30m
    server plesk 192.168.X.XX:10993 send-proxy-v2

listen smtp
    bind *:25
    mode tcp
    timeout client 1m
    timeout server 1m
    timeout connect 7s
    log global
    option tcplog
    server plesk 192.168.X.XX:2525 send-proxy

listen submission
    bind *:587
    mode tcp
    timeout client 1m
    timeout server 1m
    timeout connect 7s
    log global
    option tcplog
    server plesk 192.168.X.XX:10587 send-proxy

listen smtps
    bind *:465
    mode tcp
    timeout client 1m
    timeout server 1m
    timeout connect 7s
    log global
    option tcplog
    server plesk 192.168.X.XX:10465 send-proxy
It seems that SASL authentication is not working.
The authentication seems to be very customized to Plesk.
Does anyone have an idea?
Many thanks in advance &
kind regards
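
Added example (not part of the original post, and not Plesk or Postfix tooling): a small Python helper that joins master.cf continuation lines, indexes each listener by its `syslog_name`, and attaches the SASL and proxy overrides of the listener that logged an smtpd `fatal:` line. The sample inputs are constructed by trimming the excerpts in the post; the function names are hypothetical.

```python
import re

# Constructed sample input, trimmed from the master.cf and maillog excerpts in the post.
MASTER_CF = """\
# service type private unpriv chroot wakeup maxproc command + args
192.168.X.XX:10587 inet n - n - - smtpd
  -o syslog_name=postfix/10587
  -o smtpd_sasl_type=dovecot
192.168.X.XX:10465 inet n - n - - smtpd
  -o syslog_name=postfix/10465
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=/var/spool/postfix/private/plesk_saslauthd
  -o smtpd_upstream_proxy_protocol=haproxy
"""
MAILLOG = """\
Jun 17 18:08:10 PLESK postfix/10465/smtpd[79552]: connect from host[XX.XXX.XXX.XXX]
Jun 17 18:08:20 PLESK postfix/10465/smtpd[79552]: fatal: no SASL authentication mechanisms
"""

def parse_master_cf(text):
    """Map syslog_name -> {"listen": ..., "opts": {...}} for each service entry."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # leading whitespace continues an entry
        else:
            logical.append(line.strip())
    services = {}
    for entry in logical:
        f = entry.split()
        if len(f) < 8:
            continue  # not a full 8-column service entry
        opts = dict(v.split("=", 1) for k, v in zip(f[8:], f[9:]) if k == "-o" and "=" in v)
        services[opts.get("syslog_name", "postfix")] = {"listen": f[0], "opts": opts}
    return services

def fatal_by_service(master_cf, maillog):
    """For each smtpd 'fatal:' log line, return (listener, message, SASL/proxy overrides)."""
    services = parse_master_cf(master_cf)
    hits = []
    for m in re.finditer(r" (\S+)/smtpd\[\d+\]: fatal: (.*)", maillog):
        svc = services.get(m.group(1))
        if svc:
            relevant = {k: v for k, v in svc["opts"].items() if "sasl" in k or "proxy" in k}
            hits.append((svc["listen"], m.group(2), relevant))
    return hits

print(fatal_by_service(MASTER_CF, MAILLOG))
```

Run against the real `/etc/postfix/master.cf` and `/var/log/maillog`, this shows which listener's `smtpd_sasl_type` and `smtpd_sasl_path` overrides were in effect when the fatal error was logged.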