Enable HAPROXY protocol in between front and imap

With this we avoid running into the limitations of
 mail_max_userip_connections (see #894 amd #1364) and the
 logfiles as well as ``doveadm who`` give an accurate picture.

core/admin/mailu/internal/views/dovecot.py

@@ -17,7 +17,7 @@ def dovecot_passdb_dict(user_email):
     return flask.jsonify({
         "password": None,
         "nopassword": "Y",
-        "allow_nets": ",".join(allow_nets)
+        "allow_real_nets": ",".join(allow_nets)
     })
 
 @internal.route("/dovecot/userdb/")

core/dovecot/conf/dovecot.conf

@@ -11,6 +11,8 @@ default_internal_user = dovecot
 default_login_user = mail
 default_internal_group = dovecot
 
+haproxy_trusted_networks = {{ SUBNET }} {{ SUBNET6 }}
+
 ###############
 # Mailboxes
 ###############
@@ -109,6 +111,7 @@ protocol pop3 {
 service imap-login {
   inet_listener imap {
     port = 143
+    haproxy = yes
   }
 }
 

core/nginx/conf/nginx.conf

@@ -338,6 +338,7 @@ mail {
       starttls only;
       {% endif %}
       protocol imap;
+      proxy_protocol on;
       imap_auth plain;
       auth_http_header Auth-Port 143;
     }
@@ -349,6 +350,7 @@ mail {
       starttls only;
       {% endif %}
       protocol pop3;
+      proxy_protocol on;
       pop3_auth plain;
       auth_http_header Auth-Port 110;
     }
@@ -377,6 +379,7 @@ mail {
       listen 993 ssl;
       listen [::]:993 ssl;
       protocol imap;
+      proxy_protocol on;
       imap_auth plain;
       auth_http_header Auth-Port 993;
     }
@@ -385,6 +388,7 @@ mail {
       listen 995 ssl;
       listen [::]:995 ssl;
       protocol pop3;
+      proxy_protocol on;
       pop3_auth plain;
       auth_http_header Auth-Port 995;
     }