diff --git a/stalwart-mail/Chart.yaml b/stalwart-mail/Chart.yaml
index 02ee721..672d7eb 100644
--- a/stalwart-mail/Chart.yaml
+++ b/stalwart-mail/Chart.yaml
@@ -3,7 +3,7 @@ name: stalwart-mail
 description: Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IMAP, JMAP, SMTP)
 icon: https://stalw.art/home/apple-touch-icon.png
 type: application
-version: 0.0.6
+version: 0.0.7
 # renovate: image=docker.io/stalwartlabs/mail-server
 appVersion: "0.8.1"
 maintainers:
diff --git a/stalwart-mail/README.adoc b/stalwart-mail/README.adoc
index ae49b67..f05a3db 100644
--- a/stalwart-mail/README.adoc
+++ b/stalwart-mail/README.adoc
@@ -2,7 +2,7 @@
 
 = stalwart-mail
 
-image::https://img.shields.io/badge/Version-0.0.6-informational?style=flat-square[Version: 0.0.6]
+image::https://img.shields.io/badge/Version-0.0.7-informational?style=flat-square[Version: 0.0.7]
 image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
 image::https://img.shields.io/badge/AppVersion-0.8.1-informational?style=flat-square[AppVersion: 0.8.1]
 == Maintainers
@@ -609,36 +609,121 @@ helm uninstall stalwart-mail-release
 | `false`
 |
 
-| traefik.ports.https
+| traefik.ports.https.entrypoint
 | string
 | `"websecure"`
 |
 
-| traefik.ports.imaptls
+| traefik.ports.https.match
+| string
+| `nil`
+|
+
+| traefik.ports.https.passthroughTLS
+| bool
+| `true`
+|
+
+| traefik.ports.https.proxyProtocol
+| bool
+| `true`
+|
+
+| traefik.ports.imaptls.entrypoint
 | string
 | `"imaps"`
 |
 
-| traefik.ports.pop3s
+| traefik.ports.imaptls.match
+| string
+| `nil`
+|
+
+| traefik.ports.imaptls.passthroughTLS
+| bool
+| `true`
+|
+
+| traefik.ports.imaptls.proxyProtocol
+| bool
+| `true`
+|
+
+| traefik.ports.pop3s.entrypoint
 | string
 | `"pop3s"`
 |
 
-| traefik.ports.sieve
+| traefik.ports.pop3s.match
+| string
+| `nil`
+|
+
+| traefik.ports.pop3s.passthroughTLS
+| bool
+| `true`
+|
+
+| traefik.ports.pop3s.proxyProtocol
+| bool
+| `true`
+|
+
+| traefik.ports.sieve.entrypoint
 | string
 | `"sieve"`
 |
 
-| traefik.ports.smtp
+| traefik.ports.sieve.match
+| string
+| `nil`
+|
+
+| traefik.ports.sieve.passthroughTLS
+| bool
+| `true`
+|
+
+| traefik.ports.sieve.proxyProtocol
+| bool
+| `true`
+|
+
+| traefik.ports.smtp.entrypoint
 | string
 | `"smtp"`
 |
 
-| traefik.ports.smtps
+| traefik.ports.smtp.match
+| string
+| `nil`
+|
+
+| traefik.ports.smtp.proxyProtocol
+| bool
+| `true`
+|
+
+| traefik.ports.smtps.entrypoint
 | string
 | `"smtps"`
 |
 
+| traefik.ports.smtps.match
+| string
+| `nil`
+|
+
+| traefik.ports.smtps.passthroughTLS
+| bool
+| `true`
+|
+
+| traefik.ports.smtps.proxyProtocol
+| bool
+| `true`
+|
+
 | volumeMounts
 | list
 | `[]`
diff --git a/stalwart-mail/templates/traefik.yaml b/stalwart-mail/templates/traefik.yaml
index 1be77ef..3f682f0 100644
--- a/stalwart-mail/templates/traefik.yaml
+++ b/stalwart-mail/templates/traefik.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.traefik.enabled }}
-{{- range $port,$entryport := .Values.traefik.ports }}
+{{- range $port,$config := .Values.traefik.ports }}
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRouteTCP
@@ -7,15 +7,19 @@ metadata:
   name: {{ include "stalwart-mail.fullname" $ }}-{{ $port }}
 spec:
   entryPoints:
-    - {{ $entryport }}
+    - {{ $config.entrypoint }}
   routes:
-    - match: HostSNI(`{{ $.Values.traefik.host }}`)
+    - match: {{ $config.match | default (printf "HostSNI(`%s`)" $.Values.traefik.host) | quote }}
       services:
         - name: {{ include "stalwart-mail.fullname" $ }}
           port: {{ $port }}
+          {{- if $config.proxyProtocol }}
           proxyProtocol:
             version: 2
+          {{- end }}
+  {{- if $config.passthroughTLS }}
   tls:
     passthrough: true
+  {{- end }}
 {{- end }}
 {{- end }}{{/* end-if .enabled */}}
diff --git a/stalwart-mail/values.yaml b/stalwart-mail/values.yaml
index 8ca9aef..bfa2338 100644
--- a/stalwart-mail/values.yaml
+++ b/stalwart-mail/values.yaml
@@ -184,12 +184,35 @@ ingress:
 traefik:
   enabled: false
   ports:
-    smtp: smtp
-    smtps: smtps
-    imaptls: imaps
-    pop3s: pop3s
-    sieve: sieve
-    https: websecure
+    smtp:
+      match:
+      entrypoint: smtp
+      proxyProtocol: true
+    smtps:
+      match:
+      entrypoint: smtps
+      proxyProtocol: true
+      passthroughTLS: true
+    imaptls:
+      match:
+      entrypoint: imaps
+      proxyProtocol: true
+      passthroughTLS: true
+    pop3s:
+      match:
+      entrypoint: pop3s
+      proxyProtocol: true
+      passthroughTLS: true
+    sieve:
+      match:
+      entrypoint: sieve
+      proxyProtocol: true
+      passthroughTLS: true
+    https:
+      match:
+      entrypoint: websecure
+      proxyProtocol: true
+      passthroughTLS: true
 
 certificate:
   # -- not needed if certmanager is used