Adding a haproxy-to-postscreen adapter turns out to be pretty trivial. However, a major code rewrite would be needed in the way that postscreen(8) talks to smtpd(8).
Begin background: Postscreen is optimized for the following case: a client connects, postscreen looks up the client IP address in its temporary cache, and when the client is "OK", postscreen sends the connection's file descriptor to a Postfix SMTP server process and gets out of the loop. There is no other communication between postscreen and SMTP server processes. The file descriptor carries all information that an SMTP server process needs. In fact, the file descriptor is indistinguishable from a file descriptor that an SMTP server gets when it is configured in master.cf to listen directly on the SMTP port. End background. To make postscreen work with before-postscreen proxies, it either has to become a proxy itself (over my dead body) or Postfix needs a small protocol to send (attributes plus a file descriptor) from postscreen to smtpd. It's relatively simple to pass a few attributes from haproxy to postscreen with a simple hard-coded non-reusable protocol. On the other hand, Postfix support for (file descriptor + arbitrary attribute passing) will have to be reusable (*), so that the same infrastructure can be used later to improve Postfix. For example, to hand off a connection mid-session from postscreen to smtpd, something that is currently not possible. Wietse (*) The client decides what attributes to send and passes the attributes + file descriptor to the low-level sender infrastructure; the low-level receiver infrastructure first reads the attributes into a hash and then passes the attributes and file descriptor up to the application, in an application-specified order, and deals with missing attributes and other problems.