On 05-19-2021 4:07 pm, Viktor Dukhovni wrote:
> The correct solution is to NOT terminate TLS on haproxy, and do TLS
> end-to-end from client to Postfix, with haproxy only handling layer 4
> TCP.
This is what I originally tried before emailing the list. With this kind of
setup Thunderbird reported:
Sending of message failed.
Unable to communicate securely with peer: requested domain name does not match the server's certificate.
Postfix logs reported:
warning: TLS library problem: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:ssl/record/rec_layer_s3.c:1544:SSL alert number 42: