[Feature] Add HAProxy listeners and an example override file

master
andryyy 2020-07-04 19:30:40 +02:00
parent e40a0eae01
commit 0cfdd763f8
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
3 changed files with 55 additions and 0 deletions


@ -312,10 +312,28 @@ service imap-login {
process_limit = 10000
vsz_limit = 1G
user = dovenull
inet_listener imap_haproxy {
port = 10143
haproxy = yes
}
inet_listener imaps_haproxy {
port = 10993
ssl = yes
haproxy = yes
}
}
service pop3-login {
service_count = 1
vsz_limit = 1G
inet_listener pop3_haproxy {
port = 10110
haproxy = yes
}
inet_listener pop3s_haproxy {
port = 10995
ssl = yes
haproxy = yes
}
}
service imap {
executable = imap imap-postlogin
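Review bot: The four new `haproxy = yes` listeners in `service imap-login` and `service pop3-login` have no comment saying what they depend on; the only hint sits in the separate compose override file. As far as I know, Dovecot aborts connections to such listeners from peers outside `haproxy_trusted_networks`, so with that setting left unset these ports will refuse the proxy without an obvious reason. I would put a comment above the first listener, for example `# PROXY protocol listeners: the proxy's address must be listed in haproxy_trusted_networks (extra.conf); nothing else should reach these ports`. `service imap-login` starts above the hunk and `service imap` continues below it, so the rest of their settings are not reviewed here.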


@ -1,5 +1,8 @@
# inter-mx with postscreen on 25/tcp
smtp inet n - n - 1 postscreen
10025 inet n - n - 1 postscreen
-o postscreen_upstream_proxy_protocol=haproxy
-o syslog_name=haproxy
smtpd pass - - n - - smtpd
-o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname
-o smtpd_sasl_auth_enable=no
@ -13,6 +16,13 @@ smtps inet n - n - - smtpd
-o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
-o tls_preempt_cipherlist=yes
-o syslog_name=postfix/smtps
10465 inet n - n - - smtpd
-o smtpd_upstream_proxy_protocol=haproxy
-o smtpd_tls_wrappermode=yes
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
-o tls_preempt_cipherlist=yes
-o syslog_name=postfix/smtps-haproxy
# smtpd with starttls on 587/tcp
# TLS protocol can be modified by setting submission_smtpd_tls_mandatory_protocols in extra.cf
@ -23,6 +33,14 @@ submission inet n - n - - smtpd
-o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
-o tls_preempt_cipherlist=yes
-o syslog_name=postfix/submission
10587 inet n - n - - smtpd
-o smtpd_upstream_proxy_protocol=haproxy
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_enforce_tls=yes
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
-o tls_preempt_cipherlist=yes
-o syslog_name=postfix/submission-haproxy
# used by SOGo
# smtpd_sender_restrictions should match main.cf, but with check_sasl_access prepended for login-as-mailbox-user function
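Review bot: The new 10465 and 10587 listeners keep `permit_mynetworks` in `smtpd_client_restrictions` while taking the client address from the PROXY header (`smtpd_upstream_proxy_protocol=haproxy`). Nothing in these hunks limits who may speak the proxy protocol to Postfix, so the address those checks see is whatever the connecting peer reports. If either port is ever reachable by something other than the proxy, the mynetworks exemption stops meaning what it does on 465/587. For the two proxy listeners I would use `-o smtpd_client_restrictions=permit_sasl_authenticated,reject` and add a comment that these ports must be reachable only from the proxy. A smaller point: `syslog_name=haproxy` on 10025 departs from the `postfix/…-haproxy` naming of the other two listeners, and something like `postfix/postscreen-haproxy` would keep log filters consistent.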


@ -0,0 +1,19 @@
##
## Set haproxy_trusted_networks in Dovecots extra.conf!
version: '2.1'
services:
dovecot-mailcow:
ports:
- "${IMAP_PORT_HAPROXY:-127.0.0.1:10143}:10143"
- "${IMAPS_PORT_HAPROXY:-127.0.0.1:10993}:10993"
- "${POP_PORT_HAPROXY:-127.0.0.1:10110}:10110"
- "${POPS_PORT_HAPROXY:-127.0.0.1:10995}:10995"
postfix-mailcow:
ports:
- "${SMTP_PORT_HAPROXY:-127.0.0.1:10025}:10025"
- "${SMTPS_PORT_HAPROXY:-127.0.0.1:10465}:10465"
- "${SUBMISSION_PORT_HAPROXY:-127.0.0.1:10587}:10587"
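Review bot: The header comment covers Dovecot only, but the three Postfix ports published under `postfix-mailcow` (10025, 10465, 10587) accept a PROXY header as well, and nothing in this commit gives them a trusted-proxy list. The `127.0.0.1` defaults are the only thing limiting who can reach them, and each `*_PORT_HAPROXY` variable can replace that bind address. I would extend the header with a line such as `## Postfix has no trusted-proxy list: bind the *_PORT_HAPROXY ports only to an address that the proxy alone can reach.` so that anyone changing the defaults sees the constraint.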