Netgate Discussion Forum

HA Proxy POP3/s port to POP TCP 110 (SSL Offloading)

  • M
    Miguel López
    last edited by Miguel López Apr 18, 2019, 1:55 PM Apr 18, 2019, 1:47 PM

    Hi.
    I have configured a "Reverse Proxy" with "HA Proxy" and would like to know how to configure a frontend on POP3/s TCP 995 to a backend on POP3 110.
    I have had problems with the POP3/s protocol configuration.

    I have attached the current configuration and logs of the HA Proxy configured in pfSense.

    Thank you so much.
    A greeting.

    # Automaticaly generated, dont edit manually.
    # Generated on: 2019-04-18 12:24

    global
        maxconn 50000
        log 127.0.0.1:5140 syslog debug
        stats socket /tmp/haproxy.socket level admin
        uid 80
        gid 80
        nbproc 1
        hard-stop-after 15m
        chroot /tmp/haproxy_chroot
        daemon
        tune.ssl.default-dh-param 2048
        log-send-hostname pfsense.xxx.xx
        server-state-file /tmp/haproxy_server_state

    listen HAProxyLocalStats
        bind 127.0.0.1:2200 name localstats
        mode http
        stats enable
        stats refresh 5
        stats admin if TRUE
        stats show-legends
        stats uri /haproxy/haproxy_stats.php?haproxystats=1
        timeout client 5000
        timeout connect 5000
        timeout server 5000

    frontend Shared_Frontend_POP3s
        bind A.A.A.A:995 name A.A.A.A:995 ssl crt-list /var/etc/haproxy/Shared_Frontend_POP3s.crt_list
        mode http
        log global
        option socket-stats
        option log-separate-errors
        option httplog
        option http-keep-alive
        timeout client 30000
        acl ACL1_POP3 src mail.stada.es
        use_backend pop3.mail.stada.es_ipvANY if ACL1_POP3

    ##################################################################################

    backend pop3.mail.stada.es_ipvANY
        mode http
        id 108
        log global
        timeout connect 30000
        timeout server 30000
        retries 3
        server mail.stada.es 192.168.30.6:110 id 109 check inter 1000

    • L
      luciano_frc
      last edited by Apr 19, 2019, 10:14 AM

      I have Zimbra configured behind pfSense.
      However, for the ports used by Zimbra I did a NAT directly to the IP of the Zimbra server,
      without going through HAProxy.

      Captura de Tela 2019-04-19 às 07.12.09.png

      • M
        Miguel López
        last edited by Apr 19, 2019, 8:49 PM

        Hello "luciano_frc"

        Thank you for responding. Indeed, in your case you use port forwarding. My configuration is different: I use the HA-Proxy package to enable the reverse proxy service.
        The problem is that the configuration of the HA-Proxy service for the POP3/s protocol throws an error.

        A greeting.

        log..
        Apr 19 15:49:41 localhost haproxy[2437]: 198.108.66.224:58882 [19/Apr/2019:15:49:41.070] Shared_Frontend_POP3s~ Shared_Frontend_POP3s/<NOSRV> -1/-1/134 0 SC 0/0/0/0/0 0/0

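Added example (not part of the original posts and not HAProxy project code): a small decoder for the log line in the post above, which follows HAProxy's TCP log layout. The function name, the result keys and the wording of the findings are this example's own, and the code tables cover only a subset of the documented termination codes.

```python
import re

# HAProxy TCP log layout, after the syslog prefix:
# client:port [date] frontend[~] backend/server Tw/Tc/Tt bytes state ...
TCP_LOG = re.compile(
    r"(?P<client>\S+):\d+ \[[^\]]+\] "
    r"(?P<frontend>[^\s~]+)(?P<ssl>~?) (?P<backend>[^\s/]+)/(?P<server>\S+) "
    r"(?P<tw>-?\d+)/(?P<tc>-?\d+)/(?P<tt>-?\d+) (?P<bytes>\d+) (?P<state>\S\S) "
)

# Subset of the documented termination codes (descriptions paraphrased).
# First character: what ended the session. Second: the phase it was in.
CAUSE = {"C": "client aborted", "S": "server aborted or refused the connection",
         "P": "proxy aborted the session", "c": "client-side timeout",
         "s": "server-side timeout", "-": "normal completion"}
PHASE = {"Q": "waiting in queue", "C": "waiting for the connection to a server",
         "D": "data transfer", "L": "sending last data", "-": "normal completion"}

def decode(line):
    m = TCP_LOG.search(line)
    if m is None:
        raise ValueError("not an HAProxy TCP-format log line")
    f = m.groupdict()
    findings = []
    if f["server"] == "<NOSRV>":
        findings.append("no server was selected for this session")
    if f["backend"] == f["frontend"]:
        findings.append("session stayed in the frontend: no use_backend or default_backend applied")
    if int(f["tc"]) < 0:
        findings.append("no connection to a server was established")
    return {
        "client": f["client"], "tls": f["ssl"] == "~",  # '~' marks a TLS connection
        "frontend": f["frontend"], "backend": f["backend"], "server": f["server"],
        "duration_ms": int(f["tt"]), "bytes": int(f["bytes"]),
        "cause": CAUSE.get(f["state"][0], "unknown"),
        "phase": PHASE.get(f["state"][1], "unknown"),
        "findings": findings,
    }

# The log line from the post above.
SAMPLE = ("Apr 19 15:49:41 localhost haproxy[2437]: 198.108.66.224:58882 "
          "[19/Apr/2019:15:49:41.070] Shared_Frontend_POP3s~ Shared_Frontend_POP3s/<NOSRV> "
          "-1/-1/134 0 SC 0/0/0/0/0 0/0")

if __name__ == "__main__":
    for key, value in decode(SAMPLE).items():
        print(f"{key}: {value}")
```

For this line the decoder reports a TLS session on the frontend that ended after 134 ms with no bytes returned, no backend switch and no server selected, so the failure is in backend selection rather than in the TLS handshake.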
        • M
          Miguel López
          last edited by Apr 29, 2019, 3:29 PM

          Hi. Any suggestions?

          Thank you

          • D
            Derelict LAYER 8 Netgate
            last edited by Apr 29, 2019, 3:44 PM

            I don't know exactly what to tell you to do but I can't imagine mode http is what you want for pop3s.

            This covers everything except the SSL offload part. You might want to get it working without that then add it.

            https://www.haproxy.com/documentation/haproxy/deployment-guides/exchange-2010/pop3/

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            • M
              Miguel López
              last edited by Apr 29, 2019, 4:15 PM

              Hello

              That's right! I've switched to TCP, but I still have not made it work.

              I have finally moved these ports to NAT/PAT, and reverse proxying is only being done for the HTTP and HTTPS protocols.
