[email protected]: > Server haproxy.example.com:587 accepts public connections and proxies to > submission.example.com:587 > Each server was given its own SSL cert (Let's Encrypt certbot).
If the remote SMTP client negotiates a TLS handshake with
haproxy.example.com:587, then that remote SMTP client will not
negotiate a TLS handshake with submission.example.com:587.
Wietse
