docs: TLS - Include passthrough=true on implicit ports for Traefik example

[vincentDcmps]

Description

like discuss in #3563 I have add the passthrought option in reverse proxy doc

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Improvement (non-breaking change that does improve existing functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation (README.md or the documentation under docs/)
• If necessary I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[polarathene]

I don't mind approving this change. Although I'd love it if there was a more consistent config experience with Traefik since several users reported recently having success and failure with different ports 🤔

[polarathene]

👍

---

Reference:

• https://doc.traefik.io/traefik/routing/routers/#passthrough
• https://traefik.io/blog/traefik-2-tls-101-23b4fbee81f1/#what-about-passthrough

Doesn't require tls=false, but should hand the traffic over to DMS on port 465 encrypted, and DMS will handle the connection (and presumably certs).

Related:

• HostSNI must either be an explicit value with no wildcard, or only *.
• Ports that use StartTLS instead should not proxy through Traefik for TLS/certs, they need to establish a plain-text connection to DMS ports to upgrade to TLS explicitly, so .tls=false is appropriate for those TCP router port configs AFAIK as Traefik does not support StartTLS:
  • question: How to configure Traefik to proxy inbound mail connections via Port 25 (StartTLS) #3563 (comment)
  • question: How to configure Traefik to proxy inbound mail connections via Port 25 (StartTLS) #3563 (comment)

[polarathene]

I think you meant to reference the imap-ssl router not esmtp?:

Suggested change

	- "traefik.tcp.routers.esmtp.tls.passthrough=true"
	- "traefik.tcp.routers.imap-ssl.tls.passthrough=true"

I'm not familiar with why the proxyProtocol.version is sometimes 1 or 2, perhaps due to Postfix / Dovecot support? I understand it's to ensure that the original client IP is handed over correctly so it doesn't get misunderstood as directly from Traefik. But I'm not sure if that's required for each different supported way that Traefik routes to different DMS ports 🤷‍♂️

[github-actions]

Documentation preview for this PR is ready! 🎉

Built with commit: 7fc3def