drscream · August 29, 2015 14:07
diff --git a/dovecot.conf b/dovecot.conf
 # core.io dovecot proxy config file

 # defaults
 postmaster_address = postmaster@%d
 auth_mechanisms = plain
 protocols = imap pop3 sieve

 # secure
 ssl = yes
 disable_plaintext_auth = yes

 # imap
 service imap-login {
        inet_listener imap {
                port = 0
        }
 }
 protocol imap {
        ssl_cert = </opt/local/etc/dovecot/ssl/imap.pem
        ssl_key = </opt/local/etc/dovecot/ssl/imap.pem
 }

 # pop3
 service pop3-login {
        inet_listener pop3 {
                port = 0
        }
 }
 protocol pop3 {
        ssl_cert = </opt/local/etc/dovecot/ssl/pop.pem
        ssl_key = </opt/local/etc/dovecot/ssl/pop.pem
 }

 # sieve
 service managesieve-login {
        inet_listener sieve {
                port = 4190
        }
        inet_listener sieve_deprecated {
                port = 2000
        }
        process_min_avail = 1
 }
 protocol sieve {
        ssl_cert = </opt/local/etc/dovecot/ssl/imap.pem
        ssl_key = </opt/local/etc/dovecot/ssl/imap.pem
 }

 # userdb and passdb proxy
 userdb {
        driver = static
        args = uid=dovecot gid=dovecot
 }
 passdb {
        driver = static
        args = proxy=y host=box.mail.core.io ssl=any-cert port=993 nopassword=y
 }
diff --git a/haproxy-ssl.cfg b/haproxy-ssl.cfg
 global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        #chroot /usr/share/haproxy
        uid 99
        gid 99
        daemon
        tune.ssl.default-dh-param 2048
        #debug
        #quiet

 defaults
        log     global
        mode    tcp
        option  dontlognull
        retries 3
        option redispatch
        maxconn 2000
        timeout connect 5000
        timeout client  50000
        timeout server  50000

 frontend smtps
        bind *:465 ssl crt /opt/local/etc/haproxy/smtp.pem
        bind :::465 ssl crt /opt/local/etc/haproxy/smtp.pem
        default_backend submission

 frontend smtp-submission
        bind *:587 ssl crt /opt/local/etc/haproxy/smtp.pem
        bind :::587 ssl crt /opt/local/etc/haproxy/smtp.pem
        default_backend submission

 backend submission
        option ssl-hello-chk
        server submission-01 submission.mail.core.io ssl ca-file /etc/ssl/certs/ca-certificates.crt
	# core.io dovecot proxy config file

	# defaults
	postmaster_address = postmaster@%d
	auth_mechanisms = plain
	protocols = imap pop3 sieve

	# secure
	ssl = yes
	disable_plaintext_auth = yes

	# imap
	service imap-login {
	inet_listener imap {
	port = 0
	}
	}
	protocol imap {
	ssl_cert = </opt/local/etc/dovecot/ssl/imap.pem
	ssl_key = </opt/local/etc/dovecot/ssl/imap.pem
	}

	# pop3
	service pop3-login {
	inet_listener pop3 {
	port = 0
	}
	}
	protocol pop3 {
	ssl_cert = </opt/local/etc/dovecot/ssl/pop.pem
	ssl_key = </opt/local/etc/dovecot/ssl/pop.pem
	}

	# sieve
	service managesieve-login {
	inet_listener sieve {
	port = 4190
	}
	inet_listener sieve_deprecated {
	port = 2000
	}
	process_min_avail = 1
	}
	protocol sieve {
	ssl_cert = </opt/local/etc/dovecot/ssl/imap.pem
	ssl_key = </opt/local/etc/dovecot/ssl/imap.pem
	}

	# userdb and passdb proxy
	userdb {
	driver = static
	args = uid=dovecot gid=dovecot
	}
	passdb {
	driver = static
	args = proxy=y host=box.mail.core.io ssl=any-cert port=993 nopassword=y
	}
	global
	log 127.0.0.1 local0
	log 127.0.0.1 local1 notice
	#log loghost local0 info
	maxconn 4096
	#chroot /usr/share/haproxy
	uid 99
	gid 99
	daemon
	tune.ssl.default-dh-param 2048
	#debug
	#quiet

	defaults
	log global
	mode tcp
	option dontlognull
	retries 3
	option redispatch
	maxconn 2000
	timeout connect 5000
	timeout client 50000
	timeout server 50000

	frontend smtps
	bind *:465 ssl crt /opt/local/etc/haproxy/smtp.pem
	bind :::465 ssl crt /opt/local/etc/haproxy/smtp.pem
	default_backend submission

	frontend smtp-submission
	bind *:587 ssl crt /opt/local/etc/haproxy/smtp.pem
	bind :::587 ssl crt /opt/local/etc/haproxy/smtp.pem
	default_backend submission

	backend submission
	option ssl-hello-chk
	server submission-01 submission.mail.core.io ssl ca-file /etc/ssl/certs/ca-certificates.crt