Haproxy will not load balance smtp

I have been struggling with Haproxy for a long time now to configure smtp load balancing. Whatever I do, the server responds with a black screen and no possibility to try out smtp commands to test. There is nothing in the logs and when I am testing from the Ubuntu server itself I can use telnet towards the backend servers and successfully get the prompt and test with smtp commands.

Also if I use an application that is supposed to send via smtp I get no response and a timeout.

The other backend server is working flawlessly, my outlook client is working and the Exchange web services, ecp,owa,autodiscover and so on are also working as they should.

Ubuntu version 22.04 HAproxy 2.7

Here is my config:

global
log /dev/log local0
log /dev/log local1 notice

chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon

# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private

#ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:

ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

tune.ssl.default-dh-param 2048

defaults
log global
mode http
option httplog
option dontlognull

timeout connect 10s
timeout client 10s
timeout server 10s

errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
no option http-use-htx

listen stats
stats enable
bind :1936 ssl crt /etc/ssl/certs/exchlb.pem
mode http
stats uri /haproxy?stats
stats refresh 5s
stats admin if TRUE

frontend fe_mail
bind :80
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-Content-Type-Options nosniff
http-response set-header Strict-Transport-Security max-age=63072000
mode http
maxconn 10000
redirect scheme https code 301 if !{ ssl_fc } # redirect 80 -> 443 (for owa)
bind *:443 ssl crt /etc/ssl/certs/email.pem alpn h2,http/1.1 ssl-min-ver TLSv1.2
acl xmail hdr(host) -i mail.domain.com autodiscover.domain.com smtp.domain.com
acl default_for_mail url_beg /
use_backend ex_default if xmail default_for_mail

frontend fe_smtp
mode tcp
option tcplog
bind :25 
log global
default_backend ex_smtp

backend ex_default
mode http
option httpchk GET /mapi/healthcheck.htm
option log-health-checks
http-check expect status 200
balance roundrobin
server srv1 srv1.domain.com:443 check ssl verify none
server srv2 srv2.domain.com:443 check ssl verify none

backend ex_smtp
mode tcp
balance leastconn
log global
server srv1 srv1.domain.com:25 check send-proxy
server srv2 srv2.domain.com:25 check send-proxy

There are two things happening here. The first was a firewall between client and Load balancer. A proper FW-config took care of the connection resets.

The other problem with HAproxy sending its proper IP and not the client IP. This happens because HAproxy 2.7.1 command send-proxy is NOT supported on Exchange.

There is actually no way you can send the clients IP to Exchange with HAproxy.