Help setting up imap, pop3, smtp, and web proxy's

Hi,

I have searched and was only able to get this partially to work
(probably because I do not understand the difference between the
NginxMailProxyModule and NginxMailCoreModule). My goal is to proxy
webmail, imap, and smtp to different servers based on an ldap lookup. I
currently have it working for imap and imaps by using Øyvind Kolbu’s
proxy_auth perl daemon. My config is at the end of this post. My
questions are:

  1. How do I get smtp proxying to work. The authentication daemon
    returns:

    ‘auth-port’ => 25
    ‘auth-server’ => ‘10.1.2.50’
    ‘auth-status’ => ‘OK’
    ‘client-date’ => ‘Tue, 09 Feb 2010 19:55:10 GMT’
    ‘client-peer’ => ‘10.1.2.49:9000’
    ‘client-response-num’ => 1

on a smtp connection, but I still get authentication failed. Do I need
the NginxMailProxyModule? What is the correct config for this?

  1. How do I get smtps to work with ssl between the client and nginx?

  2. How do I proxy webmail to different servers based on an ldap lookup?

Any examples would be most appreciated.

Thanks in advance,

ski

#nginx.conf
worker_processes 1;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;

sendfile on;
keepalive_timeout 65;

http server

server {
listen 80;
server_name mail.nsd.org;

location / {
  root   /opt/nginx/html;
  index  index.html index.htm;
}

error_page   500 502 503 504  /50x.html;
location = /50x.html {
  root   /opt/nginx/html;
}

}

https server

server {
listen 443;
server_name mail.nsd.org;
ssl on;
ssl_certificate /etc/ssl/private/star_nsd_org.crt;
ssl_certificate_key /etc/ssl/private/star_nsd_org.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;

location / {
  root   /opt/nginx/html;
  index  index.html index.htm;
}

}
}

mail {
auth_http 127.0.0.1:9000;

imap_capabilities “IMAP4rev1” “UIDPLUS”;

server {
listen 993;
server_name mail.nsd.org;
ssl on;
ssl_certificate /etc/ssl/private/star_nsd_org.crt;
ssl_certificate_key /etc/ssl/private/star_nsd_org.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
protocol imap;
proxy on;
}

server {
listen 25;
server_name mail.nsd.org;
protocol smtp;
proxy on;
}
}

nginx version: nginx/0.7.65
built by gcc 4.3.2 (Debian 4.3.2-1.1)
TLS SNI support enabled
configure arguments: --prefix=/opt/nginx
–conf-path=/opt/nginx/etc/nginx.conf
–error-log-path=/opt/nginx/var/log/error.log
–pid-path=/opt/nginx/var/run/nginx.pid
–lock-path=/opt/nginx/var/lock/nginx.lock
–http-log-path=/opt/nginx/var/log/access.log
–http-client-body-temp-path=/opt/nginx/lib/body
–http-proxy-temp-path=/opt/nginx/lib/proxy --with-debug
–with-http_stub_status_module --with-http_ssl_module --with-mail
–with-mail_ssl_module --with-http_perl_module

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,52788,52788#msg-52788

Hello!

On Tue, Feb 09, 2010 at 03:30:18PM -0500, ski98033 wrote:

  'auth-port' => 25
  'auth-server' => '10.1.2.50'
  'auth-status' => 'OK'
  'client-date' => 'Tue, 09 Feb 2010 19:55:10 GMT'
  'client-peer' => '10.1.2.49:9000'
  'client-response-num' => 1

on a smtp connection, but I still get authentication failed. Do
I need the NginxMailProxyModule? What is the correct config for
this?

What’s in error_log? Most likely the reason is that backend
rejects mail.

Note well: smtp proxy doesn’t re-authenticate against backend. It
expects backend which trusts nginx by ip and only passes original
user’s login via XCLIENT command (if configured to).

  1. How do I get smtps to work with ssl between the client and
    nginx?

Either by defining ‘ssl on’ and listen on smtps port (465), or by
starttls with smtp listen. Or both.

mail {

ssl_certificate ...
ssl_certificate_key ...

server {
    listen 25;
    proto smtp;
    starttls;
}

server {
    listen 465;
    proto smtp;
    ssl on;
}

...

}

  1. How do I proxy webmail to different servers based on an ldap
    lookup?

Most likely you want to set cookie in your login script and then
select appropriate backend based on it.

Maxim D.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs