HA Proxy POP3/s port to POP TCP 110 (SSL Offloading)



  • Hi.
    I have configured a "Reverse Proxy" with "HA Proxy" would like to know how to configure Frontend POP3 / s TCP 995 to Backend POP3 110.
    I have had problems with the POP3 / s protocol configuration.

    I have attached the current configuration and logs of the HA Proxy configured in the Pfsense.

    Thank you so much.
    A greeting.

    Automaticaly generated, dont edit manually.

    Generated on: 2019-04-18 12:24

    global
    maxconn 50000
    log 127.0.0.1:5140 syslog debug
    stats socket /tmp/haproxy.socket level admin
    uid 80
    gid 80
    nbproc 1
    hard-stop-after 15m
    chroot /tmp/haproxy_chroot
    daemon
    tune.ssl.default-dh-param 2048
    log-send-hostname pfsense.xxx.xx
    server-state-file /tmp/haproxy_server_state

    listen HAProxyLocalStats
    bind 127.0.0.1:2200 name localstats
    mode http
    stats enable
    stats refresh 5
    stats admin if TRUE
    stats show-legends
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

    frontend Shared_Frontend_POP3s
    bind A.A.A.A:995 name A.A.A.A:995 ssl crt-list /var/etc/haproxy/Shared_Frontend_POP3s.crt_list
    mode http
    log global
    option socket-stats
    option log-separate-errors
    option httplog
    option http-keep-alive
    timeout client 30000
    acl ACL1_POP3 src mail.stada.es
    use_backend pop3.mail.stada.es_ipvANY if ACL1_POP3

    ##################################################################################

    backend pop3.mail.stada.es_ipvANY
    mode http
    id 108
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    server mail.stada.es 192.168.30.6:110 id 109 check inter 1000



  • I have the zimbra configured behind pfsense.
    however the ports used by zimbra I did a NAT directly ap iP from the Zimbra server.
    Without going through HAProxy

    Captura de Tela 2019-04-19 às 07.12.09.png



  • Hello "luciano_frc"

    Thank you for responding, if indeed in your case you make a port forwarding. my configuration is different I use the HA-Proxy package, to enable the reverse Proxy service.
    The problem is that the configuration of the HA-Proxy service for the POP3 / s protocol throws an error.

    A greeting.

    log..
    Showing 1 of 1 messages
    Apr 19 15:49:41 localhost haproxy[2437]: 198.108.66.224:58882 [19/Apr/2019:15:49:41.070] Shared_Frontend_POP3s~ Shared_Frontend_POP3s/<NOSRV> -1/-1/134 0 SC 0/0/0/0/0 0/0



  • Hi Any Suggestion

    Thank you


  • LAYER 8 Netgate

    I don't know exactly what to tell you to do but I can't imagine mode http is what you want for pop3s.

    This covers everything except the SSL offload part. You might want to get it working without that then add it.

    https://www.haproxy.com/documentation/haproxy/deployment-guides/exchange-2010/pop3/



  • Hello

    That's right! I've switched to TCP, but I still have not made it work.

    I have finally passed these ports to a NAT / PAT, and only Proxy Reverse is being made to the http and https protocols.


Log in to reply