[Feature] Add HAProxy listeners and an example override file

data/conf/postfix/master.cf

@@ -1,5 +1,8 @@
 # inter-mx with postscreen on 25/tcp
 smtp       inet  n       -       n       -       1       postscreen
+10025      inet  n       -       n       -       1       postscreen
+  -o postscreen_upstream_proxy_protocol=haproxy
+  -o syslog_name=haproxy
 smtpd      pass  -       -       n       -       -       smtpd
   -o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname
   -o smtpd_sasl_auth_enable=no
@@ -13,6 +16,13 @@ smtps    inet  n       -       n       -       -       smtpd
   -o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
   -o tls_preempt_cipherlist=yes
   -o syslog_name=postfix/smtps
+10465    inet  n       -       n       -       -       smtpd
+  -o smtpd_upstream_proxy_protocol=haproxy
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+  -o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
+  -o tls_preempt_cipherlist=yes
+  -o syslog_name=postfix/smtps-haproxy
 
 # smtpd with starttls on 587/tcp
 # TLS protocol can be modified by setting submission_smtpd_tls_mandatory_protocols in extra.cf
@@ -23,6 +33,14 @@ submission inet n       -       n       -       -       smtpd
   -o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
   -o tls_preempt_cipherlist=yes
   -o syslog_name=postfix/submission
+10587      inet n       -       n       -       -       smtpd
+  -o smtpd_upstream_proxy_protocol=haproxy
+  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+  -o smtpd_enforce_tls=yes
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
+  -o tls_preempt_cipherlist=yes
+  -o syslog_name=postfix/submission-haproxy
 
 # used by SOGo
 # smtpd_sender_restrictions should match main.cf, but with check_sasl_access prepended for login-as-mailbox-user function