Messages - 25564rbr

#1
Hi,
thank you very much for the swift reply!
The biggest point for me was the dedicated subdomain, but as far as I understand this is not possible, so I will try to do it with port forwarding instead.
#2
Hello everyone,
I've read some posts concerning this but I'm not sure if I understood correctly.
My plan is to create a subdomain (e.g. mail.somedomain.com) which gets a Let's Encrypt cert through Cloudflare DNS (this works). And only on this domain I'd like ports 993/465 (IMAPS/SMTPS) to be reachable. Those should be forwarded through HAProxy to an internal server.
The internal server (mailcow) has a self-signed certificate.

I've created the real server, backend pool, virtual server and some extra rules & conditions I've read about online.

Configuration:
# Frontend: 0_MAILCOW_frontend_imaps
frontend 0_MAILCOW_frontend_imaps
    bind 0.0.0.0:993 name 0.0.0.0:993 ssl no-tls-tickets ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384 ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/XX.certlist
    mode tcp

    # logging options
    # ACL: traffic_ssl
    acl acl_687b7007ab7f94.09967451 req_ssl_hello_type 1
    # ACL: mail_Subdomain_Check
    acl acl_6877ab1b8aa420.23960963 req.ssl_sni -i mail.somedomain.com

    # ACTION: request_inspect_delay
    # NOTE: actions with no ACLs/conditions will always match
    tcp-request inspect-delay 5s
    # ACTION: request_content_accept_ssl
    tcp-request content accept if acl_687b7007ab7f94.09967451
    # ACTION: mailserver_sni
    use_backend MAILCOW_backend_imaps if acl_6877ab1b8aa420.23960963


# Backend: MAILCOW_backend_imaps ()
backend MAILCOW_backend_imaps
    # health checking is DISABLED
    mode tcp
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    server MAILCOW_server_IMAPS INTERNAL_IP:993 ssl alpn h2,http/1.1 verify none send-proxy-v2 check-send-proxy

I'm getting a connection with openssl s_client -connect, but on ALL subdomains / IPs and no IMAP "Hello". Can't see any informational messages in HAProxy's log file (?).

Thank you very much.
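The configuration below is an added example written for this thread, not something posted by 25564rbr or generated by the OPNsense plugin. It shows the same setup (TLS terminated on HAProxy with the Let's Encrypt certificate, re-encrypted towards mailcow's self-signed certificate) in raw haproxy.cfg form. Two details of the posted config are worth knowing about when writing it: `req_ssl_hello_type` and `req.ssl_sni` parse a raw TLS ClientHello and therefore only work on a bind line without `ssl`; once HAProxy terminates TLS itself, the name from the handshake is read with `ssl_fc_sni`. Likewise `alpn h2,http/1.1` advertises HTTP protocol names on an IMAP/SMTP listener, and `send-proxy-v2` prepends a PROXY protocol header that the mail daemon behind it must be configured to expect. The certificate paths, the internal address 10.0.0.10, the exported mailcow certificate file and the presence of a `log` directive in the global section are assumptions.

```haproxy
# Added example, not from the thread. Assumed: Let's Encrypt bundle at
# /usr/local/etc/haproxy/ssl/mail.somedomain.com.pem, mailcow at 10.0.0.10,
# mailcow's self-signed certificate exported to
# /usr/local/etc/haproxy/mailcow-ca.pem, and a "log" line in "global".

frontend mailcow_imaps
    mode tcp
    option tcplog
    bind :993 ssl crt /usr/local/etc/haproxy/ssl/mail.somedomain.com.pem ssl-min-ver TLSv1.2 no-tls-tickets
    # The handshake is already finished on this bind, so the server name comes
    # from the terminated session (ssl_fc_sni), not from a raw ClientHello.
    acl sni_mail ssl_fc_sni -i mail.somedomain.com
    # The SNI is known as soon as the handshake completes, so the accept rule
    # fires without waiting for client data (IMAP is server-speaks-first and
    # the client sends nothing until it sees the greeting).
    tcp-request inspect-delay 5s
    tcp-request content accept if sni_mail
    # Connections made to the bare IP, or with any other name, get no backend.
    tcp-request content reject
    default_backend mailcow_imaps_backend

backend mailcow_imaps_backend
    mode tcp
    # Re-encrypt to mailcow and pin its self-signed certificate instead of
    # "verify none". No alpn (those are HTTP names) and no send-proxy-v2 unless
    # the Dovecot behind it is configured for the PROXY protocol
    # (haproxy_ports / haproxy_trusted_networks).
    server mailcow 10.0.0.10:993 ssl verify required ca-file /usr/local/etc/haproxy/mailcow-ca.pem check

# SMTPS is the same pattern on port 465.
frontend mailcow_smtps
    mode tcp
    option tcplog
    bind :465 ssl crt /usr/local/etc/haproxy/ssl/mail.somedomain.com.pem ssl-min-ver TLSv1.2 no-tls-tickets
    acl sni_mail ssl_fc_sni -i mail.somedomain.com
    tcp-request inspect-delay 5s
    tcp-request content accept if sni_mail
    tcp-request content reject
    default_backend mailcow_smtps_backend

backend mailcow_smtps_backend
    mode tcp
    server mailcow 10.0.0.10:465 ssl verify required ca-file /usr/local/etc/haproxy/mailcow-ca.pem check
```

Check the file with `haproxy -c -f <path>` before loading it. From outside, `openssl s_client -connect <firewall>:993 -servername mail.somedomain.com` should end with the IMAP greeting (`* OK ...`) after the handshake; the same command with a different `-servername`, or with none at all, completes the TLS handshake and is then closed by HAProxy, and `option tcplog` records each of these connections with the backend name or the reject. Two caveats: the handshake itself still succeeds for any name, so the port and the Let's Encrypt certificate remain visible to a scanner hitting the IP, and mail clients that do not send SNI are rejected by this configuration. In the OPNsense plugin the same pieces map onto a real server (with SSL and the CA file set), a backend, a condition of type "SNI TLS extension matches" on the terminated side, and the accept/reject rules on the frontend.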