Netgate Discussion Forum

    Haproxy secure smtp with TLS error

      toyinal

      I've set up the latest haproxy-devel on a pfSense router to load balance some web servers with great success. But I'm getting this error in the maillog, 'TLS handshaking: SSL_accept() syscall failed:', when using HAProxy to load balance some SMTP servers.
      Configuration:

      ```
      frontend HAFronttls
          bind 10.10.0.11:587 name 10.10.0.11:587 ssl no-sslv3 crt /var/etc/haproxy/HAFronttls.pem crt /var/etc/haproxy/HAFronttls transparent
          mode tcp
          log global
          timeout client 30000
          default_backend InfomixHAtls_tcp_ipv4

      backend InfomixHAtls_tcp_ipv4
          mode tcp
          log global
          balance leastconn
          timeout connect 30000
          timeout server 30000
          retries 3
          source ipv4@ usesrc clientip
          server server11 10.10.0.251:587 check inter 60000
          server controller 10.10.0.8:587 check inter 60000
      ```

      Any help will be greatly appreciated.  Thanks

        PiBa

        You might want to try and enable the 'ssl' checkbox on the servers so the backend connection is also encrypted.
        However, it might still be troublesome to get it working, as :587 normally uses STARTTLS and only starts encrypting traffic after some plaintext SMTP commands have already passed. This will likely cause some issues further down the road. If you get it working or run into more trouble, either way please do share your results :)

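The STARTTLS behaviour on :587 mentioned in the reply above, as an added example that is not part of the original thread or of the HAProxy package: it classifies the first bytes of a session to show why a listener that expects TLS from the first byte (a `bind ... ssl` line) does not match a STARTTLS session. The function names, host names and byte strings are constructed for illustration.

```python
# Added illustration; all session data below is constructed, not captured traffic.
TLS_HANDSHAKE = 0x16  # TLS record content type "handshake"

def first_bytes_kind(data: bytes) -> str:
    """Classify the first bytes of a message as TLS or plaintext SMTP."""
    if len(data) >= 3 and data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        return "tls"
    if data[:8].upper().startswith((b"EHLO", b"HELO", b"STARTTLS")):
        return "smtp-plaintext"
    if data[:3].isdigit() and data[3:4] in (b" ", b"-"):  # SMTP reply code
        return "smtp-plaintext"
    return "unknown"

def analyse(session):
    """Return (mode, number of plaintext messages seen before TLS starts)."""
    starttls_requested = False
    for i, (sender, data) in enumerate(session):
        if first_bytes_kind(data) == "tls":
            if i == 0:
                return ("implicit-tls", 0)
            return ("starttls" if starttls_requested else "unexpected-tls", i)
        if sender == "C" and data.strip().upper() == b"STARTTLS":
            starttls_requested = True
    return ("plaintext-only", len(session))

def compatible_with_ssl_bind(session) -> bool:
    """A TLS-terminating listener needs the client to open with a ClientHello."""
    sender, data = session[0]
    return sender == "C" and first_bytes_kind(data) == "tls"

# Start of a ClientHello: record header (type, version, length) + handshake header.
CLIENT_HELLO = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"

# Constructed submission session: "S" = server, "C" = client.
STARTTLS_587 = [
    ("S", b"220 mail.example.test ESMTP\r\n"),
    ("C", b"EHLO client.example.test\r\n"),
    ("S", b"250-mail.example.test\r\n250 STARTTLS\r\n"),
    ("C", b"STARTTLS\r\n"),
    ("S", b"220 2.0.0 Ready to start TLS\r\n"),
    ("C", CLIENT_HELLO),
]
# Constructed session where TLS is spoken from the first byte.
IMPLICIT_TLS = [("C", CLIENT_HELLO)]

if __name__ == "__main__":
    for name, s in (("STARTTLS_587", STARTTLS_587), ("IMPLICIT_TLS", IMPLICIT_TLS)):
        print(name, analyse(s), "ssl-bind compatible:", compatible_with_ssl_bind(s))
```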
          toyinal

          When I set stick persistence to Stick on Source IPv4 I get these errors:

          ```
          Errors found while starting haproxy
          [ALERT] 244/195048 (73937) : parsing [/var/etc/haproxy_test/haproxy.cfg:104] : stick-table: unexpected character 'e' in argument of 'size'.
          [ALERT] 244/195048 (73937) : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
          [ALERT] 244/195048 (73937) : Proxy 'InfomixHAimaps_tcp_ipvANY': stick-table 'InfomixHAimaps_tcp_ipvANY' used but not configured.
          [ALERT] 244/195048 (73937) : Fatal errors found in configuration.
          ```

          Is this a bug in the pfSense HAProxy package?

            PiBa

            Have you filled in the "Stick-table expire" and "Stick-table size" values? Perhaps I should add a check that they must be filled in if a stick-table is to be used.

              toyinal

              Thanks for a quick reply!
