IMAP4 is a mail protocol that allows users to be disconnected from the main messaging system and still be able to process mail. Users can store messages on a local machine or on a server.

IMAP4 protocol can work over two types of connection: in clear (called IMAP, default port 143) or over TLS (called IMAPs, default port 993). Hence, you can choose a variety of deployment types:

  • TCP forward on IMAP (TCP/143) only

  • TCP forward on IMAPs (TCP/993) only

  • SSL offload on IMAPs (TCP/993) only

  • TCP forward on both IMAP (TCP/143) and IMAPs (TCP/993)

  • TCP forward on IMAP (TCP/143) and SSL offload on IMAPs (TCP/993)

Note

SSL offload means that HAProxy terminates the SSL/TLS connection and deciphers the traffic. It is not compatible with STARTTLS where the connection starts as clear and then switches to TLS. To be compatible with STARTTLS, use the TCP forward configuration.

The configuration template below introduces HAProxy configuration for MS Exchange 2010 IMAP service in TCP forward on both IMAP (TCP/143) and IMAPs (TCP/993) layouts.

You may have to modify these parameters to suit your environment:

bind

The listening IP (usually an IP address configured over VRRP)

server

The server name and IP addresses

Note

You can use the default XCHANGE2010_TCP section for other Exchange 2010 TCP based services. There is no need to duplicate it.

defaults XCHANGE2010_TCP
 mode tcp
  log global
  option tcplog
  balance leastconn
  option dontlognull
  option redispatch
  option contstats
  option socket-stats
  timeout server 600s
  timeout client 600s
  timeout connect 5s
  timeout queue 60s
  retries 3
  default-server inter 15s rise 2 fall 2
  backlog 10000

frontend ft_xchange2010_imap
  bind 10.0.0.3:143 name IMAP tcp-ut 30s
  bind 10.0.0.3:993 name IMAPs tcp-ut 30s
  default_backend bk_xchange2010_imap

backend bk_xchange2010_imap
  option tcp-check
  tcp-check connect port 143
  tcp-check expect string * OK
  tcp-check connect port 993 ssl
  tcp-check expect string * OK
  default-server on-marked-down shutdown-sessions
  server CAS1 10.0.0.15 check
  server CAS2 10.0.0.16 check