The POP3 protocol can run over two types of connection: in clear text (called POP, default port 110) or over TLS (called POPs, default port 995). Several deployment layouts are therefore possible:

  • TCP forward on POP (TCP/110) only

  • TCP forward on POPs (TCP/995) only

  • SSL offload on POPs (TCP/995) only

  • TCP forward on both POP (TCP/110) and POPs (TCP/995)

  • TCP forward on POP (TCP/110) and SSL offload on POPs (TCP/995)

Note

SSL offload means that HAProxy terminates the SSL/TLS connection and decrypts the traffic. It is not compatible with STARTTLS, where the connection starts in clear text and then switches to TLS. To be compatible with STARTTLS, use the TCP forward configuration.

The configuration template below shows the HAProxy configuration for the MS Exchange 2010 POP service in the TCP forward on both POP (TCP/110) and POPs (TCP/995) layout.

You may have to modify these parameters to suit your environment:

bind

The listening IP (usually an IP address configured over VRRP)

server

The server name and IP addresses

Note

You can reuse the XCHANGE2010_TCP defaults section for other Exchange 2010 TCP-based services. There is no need to duplicate it.

defaults XCHANGE2010_TCP
    mode tcp
    log global
    option tcplog
    balance leastconn
    option dontlognull
    option redispatch
    option contstats
    option socket-stats
    timeout server 600s
    timeout client 60s
    timeout connect 5s
    timeout queue 60s
    retries 3
    default-server inter 15s rise 2 fall 2
    backlog 10000

frontend ft_xchange2010_pop
    bind 10.0.0.3:110 name POP tcp-ut 30s
    bind 10.0.0.3:995 name POPs tcp-ut 30s
    default_backend bk_xchange2010_pop

backend bk_xchange2010_pop
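    # Health check: read the POP3 greeting on port 110, then on port 995 over TLS.
    # Both greetings must contain "+OK" for the server to be considered up.
    option tcp-check
    tcp-check connect port 110
    tcp-check expect string +OK
    tcp-check connect port 995 ssl
    tcp-check expect string +OK
    # Close established sessions as soon as a server is marked down
    default-server on-marked-down shutdown-sessions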
    server CAS1 10.0.0.15 check
    server CAS2 10.0.0.16 check
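
The backend's tcp-check sequence can be reproduced by hand from the HAProxy host to confirm that each CAS server answers with a POP3 greeting before the configuration goes live. The Python sketch below is an added example, not part of the original template or of HAProxy; the function names and the loopback test listener are assumptions made for illustration. Against a real server the steps would be `(110, None)` and `(995, <an ssl.SSLContext>)`, matching the two `tcp-check connect` lines.

```python
import socket
import threading


def banner_has_ok(host, port, tls_context=None, sni=None, timeout=5.0):
    """One 'tcp-check connect [ssl]' + 'tcp-check expect string +OK' step."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
        if tls_context is not None:  # TLS handshake before reading
            conn = tls_context.wrap_socket(conn, server_hostname=sni or host)
        with conn:
            data = b""
            while b"\n" not in data and len(data) < 512:
                chunk = conn.recv(512)
                if not chunk:
                    break
                data += chunk
    except OSError:  # refused, timed out, reset, or TLS failure
        return False
    return b"+OK" in data  # substring match on the greeting


def server_is_up(host, steps):
    """steps: [(port, tls_context), ...]; every step must pass."""
    return all(banner_has_ok(host, port, ctx) for port, ctx in steps)


def fake_pop_server(banner):
    """Constructed loopback listener that sends one greeting per connection."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    _, up = fake_pop_server(b"+OK constructed POP3 greeting\r\n")
    _, hung = fake_pop_server(b"-ERR constructed failure\r\n")
    print(server_is_up("127.0.0.1", [(up, None)]))
    print(server_is_up("127.0.0.1", [(up, None), (hung, None)]))
```

A listener that accepts the connection but does not greet with `+OK` fails the check, which a plain TCP connect check would not detect.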