Imap proxy

musicdenotation · December 5, 2013, 4:51pm

Hello Everyone,
Is mail imap proxy supports SSL or STARTTLS for connections to backend
server ?

Slava.

Posted at Nginx Forum:

volga629 · December 5, 2013, 5:18pm

Hello!

On Thu, Dec 05, 2013 at 10:51:04AM -0500, volga629 wrote:

Hello Everyone,
Is mail imap proxy supports SSL or STARTTLS for connections to backend
server ?

No. SSL/STARTTLS is only supported for client connections. Backend
network is assumed to be non-hostile.

–
Maxim D.
http://nginx.org/en/donation.html

volga629 · December 5, 2013, 6:03pm

Hello Maxim,
Thank you for answer.
When user connect to proxy with SSL on backend it get destibuted in
clear
text ? If final server is DR server which another part of the world,
there
a lot of places to sniff traffic for plain 143. Is no really big sense
to
use proxy for services located on same physical server.

Posted at Nginx Forum:

volga629 · December 6, 2013, 12:49am

Hello!

On Thu, Dec 05, 2013 at 12:02:44PM -0500, volga629 wrote:

Hello Maxim,
Thank you for answer.
When user connect to proxy with SSL on backend it get destibuted in clear
text ? If final server is DR server which another part of the world, there
a lot of places to sniff traffic for plain 143. Is no really big sense to
use proxy for services located on same physical server.

The imap proxy is to route clients to different backend servers in
a big farm, typically sitting on the same non-hostile network with
the proxy.

If for some reason you are using backends in another part of the
world over a public internet and want traffic to be encrypted, you
may use a VPN or a secure tunnel for this.

–
Maxim D.
http://nginx.org/en/donation.html

volga629 · December 11, 2013, 7:13pm

Hello Maxim,
Usually is normal setup of EOip tunnels though transport ipsec
(transparent
lan). And from security prospective the most bigger threat is coming
from
inside. Outside intrusion possible, but it match more complicated.
I confirm that plain 143 proxy working good. I just wonder about this
message.

2013/12/05 00:05:40 [error] 20003#0: *1 auth http server 127.0.0.1:80
did
not send server or port while in http auth state, client: 10.12.130.102,
server: 0.0.0.0:993, login: “testuser1”

Posted at Nginx Forum:

volga629 · December 11, 2013, 9:30pm

Hello!

On Wed, Dec 11, 2013 at 01:12:26PM -0500, volga629 wrote:

Hello Maxim,
Usually is normal setup of EOip tunnels though transport ipsec (transparent
lan). And from security prospective the most bigger threat is coming from
inside. Outside intrusion possible, but it match more complicated.
I confirm that plain 143 proxy working good. I just wonder about this
message.

2013/12/05 00:05:40 [error] 20003#0: *1 auth http server 127.0.0.1:80 did
not send server or port while in http auth state, client: 10.12.130.102,
server: 0.0.0.0:993, login: “testuser1”

The message means that auth script failed to properly respond to
auth_http request, see here for details:

http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol

–
Maxim D.
http://nginx.org/