configuring haproxy for SMTP traffic

Question

I am trying to get SMTP (and IMAP, POP, IMAPS, etc..) to run over my haproxy server but i can't seem to actually get traffic to be allowed through.

Anytime i telnet to my ip on port 25 i get: (same for 587)

Connection failed: No connection could be made because the target machine actively refused it

when i do:

netstat -a | egrep 'Proto|LISTEN'

This is the result:

Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp        0      0 localhost:6010          *:*                     LISTEN
tcp        0      0 *:https                 *:*                     LISTEN
tcp        0      0 localhost:6011          *:*                     LISTEN
tcp        0      0 *:7999                  *:*                     LISTEN
tcp        0      0 *:3336                  *:*                     LISTEN
tcp        0      0 *:submission            *:*                     LISTEN
tcp        0      0 *:http                  *:*                     LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:6010          [::]:*                  LISTEN
tcp6       0      0 localhost:6011          [::]:*                  LISTEN
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     8712     /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     SEQPACKET  LISTENING     7484     /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     1395     @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     9960     /var/run/acpid.socket

Oh and i've tried multiple different examples like:

defaults
        mode    http
        contimeout      4000
        clitimeout      3600000
        srvtimeout      3600000
        balance roundrobin

listen  MyMail-1 *:25
        bind *:110,*:135
        bind *:139,*:443
        bind *:60000,*:60001
        bind *:6001-6004
        bind *:587,*:993-995
        disabled
        mode    tcp
        option  persist
        balance roundrobin
        stick-table type ip size 10240k expire 30m
        stick on src
        server HC-CAS1 10.1.2.246 weight 1 check port 80 inter 5000 rise 2 fall 3
        #server HC-CAS2 10.10.10.21 weight 1 check port 80 inter 5000 rise 2 fall 3
        option redispatch
        option abortonclose
        maxconn 40000

And right now i have it as simple as possible:

    listen email_proxy :25,:587
        mode tcp
        balance roundrobin
        server srv1 10.1.2.246 check port 25 inter 30000 rise 1 fall 2

So my machine says it's listening, and the haproxy machine is reachable from the outside (port 80/443 traffic) is fine, i can also reach my statistics page on my public static ip.

If anyone can help me out that would be greatly appreciated.

Have you checked actual mail server's logs for why it rejects connections? — Jacek, May 01 '15 at 19:05
yeah i did, its not reaching my server at all, my haproxy is blocking the request before passing it through — Tobias Hagenbeek, May 01 '15 at 19:22
Not an expert on haproxy itself, so can't really help much with it - but since you get refused also with telnet attempts on port 25 and 587, you may be blocked by some firewall? Not sure, just guessing. Are you connecting from the same network? — Jacek, May 01 '15 at 19:30
your ISP may b blocking port 25 as is very common. Try adding port 2525 instead. — Richard, Feb 29 '20 at 14:18
@Richard, that was not the case, business connection and ISP confirms traffic is fine. ANd yes you can redirect, TCP is all its mostly about he listeners, i was actually able to resolve this issue, but in a different version of haproxy. No single listener but a front and backend seperated, that does seem to do the trick, thank you for your response! — Tobias Hagenbeek, Mar 03 '20 at 17:40

configuring haproxy for SMTP traffic

0 Answers0