Can nginx be an mail proxy for a backend server that does not accept cleartext logins?

Posted by 84104 on Server Fault See other posts from Server Fault or by 84104
Published on 2012-05-08T20:29:14Z Indexed on 2012/06/05 10:42 UTC
Read the original article Hit count: 200

Filed under:

nginx

|

reverse-proxy

Can Nginx be an mail proxy for a backend server that does not accept cleartext logins?

Preferably I'd like to know what directive to include so that it will invoke STARTTLS/STLS, but communication via IMAPS or POP3S is sufficient.

relevant(?) section of nginx.conf

mail {
    auth_http           localhost:80/mailproxy/auth.php;
    proxy               on; 
    ssl_prefer_server_ciphers   on;
    ssl_protocols           TLSv1 SSLv3;
    ssl_ciphers         HIGH:!ADH:!MD5:@STRENGTH;
    ssl_session_cache       shared:TLSSL:16m;
    ssl_session_timeout     10m;
    ssl_certificate         /etc/ssl/private/hostname.crt;
    ssl_certificate_key     /etc/ssl/private/hostname.key;
    imap_capabilities  "IMAP4rev1" "UIDPLUS"; 
    server {
        protocol    imap;
        listen      143;
        starttls    on;
    }
    server {
        protocol    imap;
        listen      993;
        ssl     on;
    }
    pop3_capabilities  "TOP" "USER";
    server {
        protocol    pop3;
        listen      110;
        starttls    on;
        pop3_auth   plain;
    }
    server {
        protocol    pop3;
        listen      995;
        ssl     on;
        pop3_auth   plain;
    }
}

© Server Fault or respective owner

Related posts about nginx

ModSecurity compile error on nginx

as seen on Server Fault - Search for 'Server Fault'
I'm trying to install ModSecurity on nginx with the following instructions : wget https://github.com/SpiderLabs/ModSecurity/archive/master.zip unzip master cd ModSecurity-master ./autogen.sh ./configure --enable-standalone-module And i got the following error : Checking plataform... Identified… >>> More
Cannot Start Nginx Compiled from Source

as seen on Server Fault - Search for 'Server Fault'
I am trying to compile Nginx from source based on the original compiled Nginx server running on my DigitalOcean server ( Ubuntu-14.04 64x ) but with a few extra modules. I can get everything installed smoothly but I can not get it to start. I am sure the ini is correct because I copied the original… >>> More
Nginx http_mp4_module seam installed but dont work

as seen on Server Fault - Search for 'Server Fault'
I try to use the http_mp4_module on my Ubuntu server but that didnt seem to work at all. When i check nginx -V i get : nginx version: nginx/1.1.19 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body… >>> More
GeoIP and Nginx

as seen on Server Fault - Search for 'Server Fault'
I have a nginx with geoip, but it is not working rightly. The issue is the next: Nginx are getting geodata from $_SERVER['REMOTE_ADDR'] instead of $_SERVER['HTTP_X_HAPROXY_IP'], which have the real client ip. So, the reported geodata belongs to my server ip instead of client ip. Does anybody where… >>> More
Nginx1.6.1: Installing from source not running corectly

as seen on Server Fault - Search for 'Server Fault'
I just installed Nginx 1.6.1 from source but it didn't seem to installed correctly. Nginx is running if I service nginx status but when I do nginx -v it outputs command not found. Regular HTML page shows fine and there is no error in the error logs. I am on AWS Ec2 linux AMI. Here is my /etc/init… >>> More

Related posts about reverse-proxy

Reverse Proxy FTP traffic

as seen on Server Fault - Search for 'Server Fault'
I was wondering if anyone knew of a reverse proxy server to reverse proxy ftp traffic. I would like to run many servers on ip address, but then pass the traffic to an internal server with its own ip address. Thank you for any suggestions. >>> More
Determine nginx reverse-proxy load limits

as seen on Server Fault - Search for 'Server Fault'
Hi all: I have an nginx server (CentOS 5.3, linux) that I'm using as a reverse-proxy load-balancer in front of 8 ruby on rails application servers. As our load on these servers increases, I'm beginning to wonder at what point will the nginx server become a bottleneck? The CPUs are hardly used,… >>> More
Running a reverse proxy in front of Splunk 4.x

as seen on Server Fault - Search for 'Server Fault'
So, I have previously installed Splunk 3.x behind a reverse proxy and downloaded the latest version (4.0.6 at time of typing) expecting it to be as easy to use as before. Sadly this was not the case. There appears to be some elements which are not being translated correctly through the reverse proxy… >>> More
IIS reverse proxy to windows authenticated internal site

as seen on Server Fault - Search for 'Server Fault'
I have an internal windows authenticated website that I need to expose anonymously to external users. extern: http://foo.com/ (public) intern: http://privatefoo/ (requires windows auth) I want people hitting foo.com to see no security prompt, just get access to privatefoo - I know this is possible… >>> More
Creating a Reverse Proxy using Jpcap

as seen on Stack Overflow - Search for 'Stack Overflow'
I need to create a program that receives HTTP request and forwards those requests to the web servers. I have successfully made this using only Java Sockets but the client needed the program to be implemented in Jpcap. I'd like to know if this is possible and what literature I should be reading… >>> More