postfix / no system resources / proxy protocol

Connecting to Postfix and getting a "421 4.3.2 No system resources"? Maybe you forgot you're using the (HAProxy) Proxy Protocol...

If you're trying to connect to your Postfix mail daemon, and it looks like this:

$ nc localhost 25
... wait for 5 seconds ...
421 4.3.2 No system resources

Then I bet you're using HAProxy as reverse proxy to your mailserver and you have the following configured:

$ postconf | grep ^postscreen_upstream
postscreen_upstream_proxy_protocol = haproxy
postscreen_upstream_proxy_timeout = 5s

To test a direct connection, you'll need to prefix your traffic with the proxy protocol v1 handshake. That can be as simple as pasting PROXY TCP4 127.1.1.1 127.0.0.1 12345 25 as first line:

$ nc localhost 25
PROXY TCP4 127.0.123.45 127.0.0.1 12345 25
220 the-mail-server ESMTP Postfix

After that, you can resume typing SMTP commands as you're used to.

An alternative solution is to use LD_PRELOADed code that does this for you. For example libproxyproto by Michael Santos:

$ git clone https://github.com/msantos/libproxyproto.git
...

$ cd libproxyproto

$ make
...

That creates a libproxyproto.so and a libproxyproto_connect.so shared library. And now you can do this:

$ LD_PRELOAD=./libproxyproto_connect.so LIBPROXYPROTO_VERSION=1 nc localhost 25
220 the-mail-server ESMTP Postfix

Or — if you need this a lot — you can move them to /usr/local/lib/ and add a small /usr/local/bin/proxyproto_v1 shell wrapper:

#!/bin/sh
# Invoke as: proxyproto_v1 nc [args...]
LD_PRELOAD=/usr/local/lib/libproxyproto_connect.so \
LIBPROXYPROTO_VERSION=1 \
exec "$@"