I’m setting up nginx as a reverse proxy for a postfix / dovecot setup.
My imap server requires STARTTLS usage. Nginx seems to not issue
command before forwarding users credentials.
Here is the error I found in /var/log/nginx/error.log
[error] 928#0: 20 upstream sent invalid response: " BAD [ALERT]
authentication not allowed without SSL/TLS, but your client did it
If anyone was listening, the password was exposed.
I did not found anything in the documentation to ask nginx to issue
command to the upstream server. Is there a way to achieve this ?
I did not tried pop3 yet, but I’m expecting the same annoyance. and the
answer; let me know if I’m wrong.
Posted at Nginx Forum: