SMTP & IMAP proxy based on domain (pass-through)

Hello,

My scenario is as follows:
I have a single server with multiple domains. For each domain I’d like to have a separate docker container (won’t go into reasons why I want this, but it does make sense) as an email server (postfix + dovecot). I’ve researched this extensively for months and believe this should be possible using haproxy.
I’d like to achieve this without ssl termination - basically using pass-through or in other words, read the TLS SNI header (domain) and decide based on that which upstream to forward the traffic to.
Something like this is even described on: https://www.haproxy.com/blog/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/

I’m not sure if I’ve configured something wrong or am I completely missing something here?
If I set a default server, this works, but proxying based on domain (sni) does not.

My configuration is as follows:

defaults
    timeout client 30s
    timeout server 30s
    timeout connect 5s

    option tcplog
    log global


frontend smtp_submission

    mode tcp
    bind *:587

    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }

    use_backend smtp_submission


frontend imap

    mode tcp
    bind *:993

    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }

    use_backend imap


backend smtp_submission

    mode tcp

    acl mail_domain1_match req_ssl_sni -i smtp.domain1.com
    acl mail_domain2_match req_ssl_sni -i smtp.domain2.com

    use-server mail_domain1_smtp_submission if mail_domain1_match
    use-server mail_domain2_smtp_submission if mail_domain2_match

    option ssl-hello-chk

    server mail_domain1_smtp_submission 172.17.0.12:587 weight 0
    server mail_domain2_smtp_submission 172.17.0.11:587 weight 0


backend imap

    mode tcp

    acl mail_domain1_match req_ssl_sni -i imap.domain1.com
    acl mail_domain2_match req_ssl_sni -i imap.domain2.com

    use-server mail_domain1_imap if mail_domain1_match
    use-server mail_domain2_imap if mail_domain2_match

    option ssl-hello-chk

    server mail_domain1_imap 172.17.0.12:993 weight 0
    server mail_domain2_imap 172.17.0.11:993 weight 0
