Imap proxy

Hello Everyone,
Is mail imap proxy supports SSL or STARTTLS for connections to backend
server ?

Slava.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,245255,245255#msg-245255

Hello!

On Thu, Dec 05, 2013 at 10:51:04AM -0500, volga629 wrote:

Hello Everyone,
Is mail imap proxy supports SSL or STARTTLS for connections to backend
server ?

No. SSL/STARTTLS is only supported for client connections. Backend
network is assumed to be non-hostile.


Maxim D.
http://nginx.org/en/donation.html

Hello Maxim,
Thank you for answer.
When user connect to proxy with SSL on backend it get destibuted in
clear
text ? If final server is DR server which another part of the world,
there
a lot of places to sniff traffic for plain 143. Is no really big sense
to
use proxy for services located on same physical server.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,245255,245257#msg-245257

Hello!

On Thu, Dec 05, 2013 at 12:02:44PM -0500, volga629 wrote:

Hello Maxim,
Thank you for answer.
When user connect to proxy with SSL on backend it get destibuted in clear
text ? If final server is DR server which another part of the world, there
a lot of places to sniff traffic for plain 143. Is no really big sense to
use proxy for services located on same physical server.

The imap proxy is to route clients to different backend servers in
a big farm, typically sitting on the same non-hostile network with
the proxy.

If for some reason you are using backends in another part of the
world over a public internet and want traffic to be encrypted, you
may use a VPN or a secure tunnel for this.


Maxim D.
http://nginx.org/en/donation.html

Hello Maxim,
Usually is normal setup of EOip tunnels though transport ipsec
(transparent
lan). And from security prospective the most bigger threat is coming
from
inside. Outside intrusion possible, but it match more complicated.
I confirm that plain 143 proxy working good. I just wonder about this
message.

2013/12/05 00:05:40 [error] 20003#0: *1 auth http server 127.0.0.1:80
did
not send server or port while in http auth state, client: 10.12.130.102,
server: 0.0.0.0:993, login: “testuser1”

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,245255,245442#msg-245442

Hello!

On Wed, Dec 11, 2013 at 01:12:26PM -0500, volga629 wrote:

Hello Maxim,
Usually is normal setup of EOip tunnels though transport ipsec (transparent
lan). And from security prospective the most bigger threat is coming from
inside. Outside intrusion possible, but it match more complicated.
I confirm that plain 143 proxy working good. I just wonder about this
message.

2013/12/05 00:05:40 [error] 20003#0: *1 auth http server 127.0.0.1:80 did
not send server or port while in http auth state, client: 10.12.130.102,
server: 0.0.0.0:993, login: “testuser1”

The message means that auth script failed to properly respond to
auth_http request, see here for details:

http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol


Maxim D.
http://nginx.org/

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs