On 05-19-2021 3:33 pm, Viktor Dukhovni wrote:
The haproxy system just copies raw bytes between client and server,
it is not involved in TLS. The haproxy server will NOT be making
a TLS connection to Postfix, the remote client will do that.
Yes, this is my understanding.
haproxy only proxies traffic, it doesn't do TLS to postfix.
The client is trying to TLS with postfix, who has a certificate for
submission.example.com
The client is connected to haproxy.example.com
haproxy.example.com:587 != crt submission.example.com
