postfix / no system resources / proxy protocol

postfix / no system resources / proxy protocol

  • Written by
    Walter Doekes
  • Published on

Connecting to Postfix and getting a "421 4.3.2 No system resources"? Maybe you forgot you're using the (HAProxy) Proxy Protocol...

If you're trying to connect to your Postfix mail daemon, and it looks like this:

$ nc localhost 25
... wait for 5 seconds ...
421 4.3.2 No system resources

Then I bet you're using HAProxy as reverse proxy to your mailserver and you have the following configured:

$ postconf | grep ^postscreen_upstream
postscreen_upstream_proxy_protocol = haproxy
postscreen_upstream_proxy_timeout = 5s

To test a direct connection, you'll need to prefix your traffic with the proxy protocol v1 handshake. That can be as simple as pasting PROXY TCP4 12345 25 as first line:

$ nc localhost 25
PROXY TCP4 12345 25
220 the-mail-server ESMTP Postfix

After that, you can resume typing SMTP commands as you're used to.

An alternative solution is to use LD_PRELOADed code that does this for you. For example libproxyproto by Michael Santos:

$ git clone

$ cd libproxyproto

$ make

That creates a and a shared library. And now you can do this:

220 the-mail-server ESMTP Postfix

Or — if you need this a lot — you can move them to /usr/local/lib/ and add a small /usr/local/bin/proxyproto_v1 shell wrapper:

# Invoke as: proxyproto_v1 nc [args...]
LD_PRELOAD=/usr/local/lib/ \
exec "$@"

Back to overview Older post: oneliner / finding fixed kernel bugs