
HAproxy SMTP mail config

Hi all. Love HAproxy, I use it a lot :slight_smile:

I am playing with trying to make my exim4/dovecot SMTP server HA (rather active-backup for now) and I am looking for advice. The configuration below works, but I still don't think it is perfected and I am still having some problems.

1.) Using the iPhone mail app, from time to time I get a notification pop-up that R3 (the Let's Encrypt SSL which I am using for this) is not trusted. I don't know if I should buy another SSL, or if even SSL termination works best in this scenario, but I can't make a passthrough configuration, since the SSL on the origin is issued by Let's Encrypt and only for the domain mail.domain.com and I am missing mailproxy.example.com (domain on the haproxy) as SAN.
2.) Do you guys think I am routing (for example: submission to TCP 25 origin server) SMTP/submission ports the right way?

Thank you

My config:

###
# SUBMISSION
###

frontend submission_frontend
    bind *:587 name submissionssl ssl crt /etc/haproxy/ssl/mailproxy.domain.com.pem
    mode tcp
    option tcplog

    default_backend submission_backend

backend submission_backend
    email-alert mailers smtp_domain
    email-alert level debug
    email-alert from alarm@domain.com
    email-alert to alarm@tdomain.com

    mode tcp
    server Cloud mail.domain.com:25 check fall 3 port 587 fall 3 rise 2 on-marked-down shutdown-sessions send-proxy-v2
    server Primary mailbackup.domain.com:25 check backup port 587 fall 3 rise 2 on-marked-down shutdown-sessions


###
# SMTP
###
frontend smtp_frontend
    bind *:25
    mode tcp
    option tcplog

    default_backend smtp_backend

backend smtp_backend
    email-alert mailers smtp_domain
    email-alert level debug
    email-alert from alarm@domain.com
    email-alert to alarm@tdomain.com

    mode tcp
    server Cloud mail.domain.com:25 check port 465 fall 3 rise 2 on-marked-down shutdown-sessions send-proxy-v2
    server Primary mailbackup.domain.com:25 check backup port 465 fall 3 rise 2 on-marked-down shutdown-sessions send-proxy-v2


###
# SMTPs
###
frontend smtps_frontend
    bind *:465 name smtpssl ssl crt /etc/haproxy/ssl/mailproxy.domain.com.pem
    mode tcp
    option tcplog

    default_backend smtps_backend

backend smtps_backend
    email-alert mailers smtp_domain
    email-alert level debug
    email-alert from alarm@domain.com
    email-alert to alarm@tdomain.com

    mode tcp
    server Cloud mail.domain.com:25 check port 465 fall 3 rise 2 on-marked-down shutdown-sessions send-proxy-v2
    server Primary mailbackup.domain.com:25 check backup  port 465 fall 3 rise 2 on-marked-down shutdown-sessions send-proxy-v2




###
# IMAPs
###

frontend imaps_frontend
    bind *:993 name imapssl ssl crt /etc/haproxy/ssl/mailproxy.domain.com.pem
    mode tcp
    option tcplog

    default_backend imaps_backend

backend imaps_backend
    email-alert mailers smtp_domain
    email-alert level debug
    email-alert from alarm@domain.com
    email-alert to alarm@tdomain.com

    mode tcp
    stick store-request src
    stick-table type ip size 200k expire 30m
    server Cloud mail.domain.com:10993 ssl check fall 3 send-proxy-v2 verify none
    server Primary mailbackup.domain.com:10993 ssl check backup send-proxy-v2 verify none
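
The server lines in the config above, run through a small lint pass. This is an added example, not part of the original post and not an HAProxy tool; the finding labels are made up here and the sample is constructed from two of the posted backends.

```python
from collections import defaultdict

# Constructed sample: two backends from the post above, reduced to their server lines.
SAMPLE = """\
backend submission_backend
    mode tcp
    server Cloud mail.domain.com:25 check fall 3 port 587 fall 3 rise 2 on-marked-down shutdown-sessions send-proxy-v2
    server Primary mailbackup.domain.com:25 check backup port 587 fall 3 rise 2 on-marked-down shutdown-sessions
backend imaps_backend
    mode tcp
    server Cloud mail.domain.com:10993 ssl check fall 3 send-proxy-v2 verify none
    server Primary mailbackup.domain.com:10993 ssl check backup send-proxy-v2 verify none
"""

SECTIONS = ("global", "defaults", "frontend", "backend", "listen")

def lint(config):
    """Return sorted (section, server, finding) tuples; finding labels are hypothetical."""
    findings = set()
    proxy = defaultdict(dict)          # section -> {server: sends PROXY header?}
    section = None
    for line in config.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] in SECTIONS:
            section = tok[1] if len(tok) > 1 else tok[0]
        elif tok[0] == "server" and len(tok) >= 3:
            name, addr, opts = tok[1], tok[2], tok[3:]
            pairs = dict(zip(opts, opts[1:]))   # keyword -> following token (last wins)
            # TLS to the backend with certificate checking switched off.
            if "ssl" in opts and pairs.get("verify") == "none":
                findings.add((section, name, "tls-unverified"))
            # Health check probes a different port than the one carrying traffic.
            traffic_port = addr.rpartition(":")[2]
            if "check" in opts and pairs.get("port", traffic_port) != traffic_port:
                findings.add((section, name, "check-port-mismatch"))
            proxy[section][name] = any(o.startswith("send-proxy") for o in opts)
    # PROXY protocol sent to some servers of a backend but not to others.
    for sec, servers in proxy.items():
        if len(set(servers.values())) > 1:
            for name, used in servers.items():
                if not used:
                    findings.add((sec, name, "proxy-protocol-missing"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep="\t")
```

A `check-port-mismatch` finding means the server can be marked up or down based on a listener other than the one that receives the proxied traffic, and `tls-unverified` means HAProxy accepts any certificate from that backend.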
