Mail proxying

Hi

I’m setting up nginx as a reverse proxy for a postfix / dovecot setup.

My imap server requires STARTTLS usage. Nginx seems to not issue the
STARTTLS command before forwarding users’ credentials.

Here is the error I found in /var/log/nginx/error.log

[error] 928#0: 20 upstream sent invalid response: " BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed.

I did not find anything in the documentation to ask nginx to issue the
STARTTLS command to the upstream server. Is there a way to achieve this?

I have not tried pop3 yet, but I’m expecting the same annoyance, and the
same answer; let me know if I’m wrong.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,259279,259279#msg-259279

Hi,

Unfortunately not with Nginx. You could, however, use stunnel on the
backends to do this.

Kind Regards
Andrew


nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx


Andrew H. (LinuxJedi)
Senior Developer Advocate
Nginx Inc.

Hi,

On 31/05/15 11:58, dethegeek wrote:

authentication not allowed without SSL/TLS, but your client did it anyway.

Try the wiki. Specifically

http://wiki.nginx.org/ImapProxyExample


Steve H. BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa

Hi

Steve, thank you for your reply.

I already read the page you mentioned, and as I understand it, either
this feature is missing or it is not documented.

Andrew said TLS is not implemented, so I’ll follow his advice to
properly work around this limitation.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,259279,259297#msg-259297

Hi

Thank you Andrew,

You confirmed what I’m afraid of.

I hope this feature will be implemented soon.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,259279,259296#msg-259296

Although I’ve never done this, the example is pretty specific for STARTTLS. I’ve
not known nginx docs to be incorrect.

The example is for STARTTLS at the client to NGINX server level. I
believe the question was for the NGINX server to upstream server level
and unfortunately NGINX does not currently support this and has no
configuration options for it.

Kind Regards

Andrew H. (LinuxJedi)
Senior Developer Advocate
Nginx Inc.

Hi

On 01/06/15 23:51, dethegeek wrote:

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,259279,259297#msg-259297


Although I’ve never done this, the example is pretty specific for
STARTTLS. I’ve not known nginx docs to be incorrect.


Steve H. BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa

Hi

As I understood the example given in the documentation, it is for a TLS
session between a client and nginx. This is the next step in my
roadmap. Right now, I’m focusing on the secure connection between nginx
and the backend servers.

It still would be interesting to implement what I need directly in
nginx; as I understand how nginx works with pop3 / imap / smtp protocols
I guess this would be a reasonable work.

Thank you Andrew and Steve.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,259279,259328#msg-259328
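
One way to apply the stunnel workaround suggested earlier in the thread, as an added example that is not from any poster or from the nginx project: stunnel in client mode issues STARTTLS (IMAP) or STLS (POP3) to the backend, so nginx only speaks plaintext over loopback. Running stunnel on the proxy host is an assumption of this example, and the hostname, ports and CA path are placeholders.

```ini
; Added example: stunnel in client mode on the nginx host. Hostname, ports and
; file paths below are placeholders, not values from the thread.

; IMAP: nginx connects in plaintext to 127.0.0.1:1143 (loopback only);
; stunnel issues STARTTLS to the backend and encrypts everything after it.
[imap-starttls]
client = yes
accept = 127.0.0.1:1143
connect = mail-backend.example.internal:143
protocol = imap
; Authenticate the backend, otherwise the tunnel only stops passive sniffing.
; Older stunnel releases use "verify = 2" instead of verifyChain/checkHost.
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = mail-backend.example.internal

; POP3: same arrangement, stunnel sends STLS to the backend.
[pop3-starttls]
client = yes
accept = 127.0.0.1:1110
connect = mail-backend.example.internal:110
protocol = pop3
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = mail-backend.example.internal

; The nginx auth_http service then points nginx at the local listener, e.g.:
;   Auth-Status: OK
;   Auth-Server: 127.0.0.1
;   Auth-Port: 1143
```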
