Local IMAPS connection to mail server

Posted by appie_1985 
August 13, 2012 11:52AM
Hello,

The following setup is working:
Client --> Nginx (IMAPS Port 993) --> Mailserver (IMAP Port 143)

But the following setup is not working:
Client --> Nginx (IMAPS Port 993) --> Mailserver (IMAPS Port 993)

I see no specific log entries in the error.log file. Only on the mail server do I see the following entries:
2012-08-13 17:48:31,243 ERROR [ImapSSLServer-7] [ip=10.10.7.228;] ProtocolHandler - Exception occurred while handling connection
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:849)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
at com.zimbra.cs.tcpserver.ProtocolHandler.startHandshake(ProtocolHandler.java:187)
at com.zimbra.cs.tcpserver.ProtocolHandler.run(ProtocolHandler.java:135)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
... 8 more

It seems Nginx is not completing the handshake. I've got the following nginx.conf running:
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log error;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

mail {
    auth_http 127.0.0.1:80/auth.php;
    imap_capabilities "IMAP4rev1" "UIDPLUS";

    server {
        listen 993;
        protocol imap;
        proxy on;

        ssl on;
        ssl_prefer_server_ciphers on;
        ssl_certificate ssl/server.crt;
        ssl_certificate_key ssl/server.key;
    }
}

It would be great if someone can help me with this issue.

Thanks!

Re: Local IMAPS connection to mail server
August 15, 2012 09:11AM
According to the information available on the internet, it seems it's not possible to have the backend encrypted.
I've solved this issue by setting up a point-to-point VPN tunnel between the proxy server and the mail server and sending the backend traffic over the tunnel:

http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html



Edited 1 time(s). Last edit at 08/15/2012 09:12AM by appie_1985.
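
Added example, not part of the original posts and not nginx or Zimbra code: a small probe showing why a proxy that speaks plaintext IMAP to its backend works against port 143 but stalls against port 993, which is consistent with the SSLHandshakeException logged above. The local listeners, the greeting string and all function names are constructed for illustration; a real implicit-TLS listener is assumed to stay silent until it receives a ClientHello.

```python
import socket
import threading

IMAP_GREETINGS = (b"* OK", b"* PREAUTH", b"* BYE")  # untagged greetings, RFC 3501

def probe_backend(host, port, timeout=1.0):
    """Connect without sending anything and classify what the listener does.

    "plaintext-imap": server greets first, as plain IMAP (port 143) does.
    "silent": nothing arrives before the timeout, which is how an
              implicit-TLS listener (port 993) behaves while it waits
              for a ClientHello that a plaintext client never sends.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            data = sock.recv(256)
        except socket.timeout:
            return "silent"
    if not data:
        return "closed"
    return "plaintext-imap" if data.startswith(IMAP_GREETINGS) else "other"

def _listener(greeting):
    """Constructed stand-in backend on 127.0.0.1 (hypothetical test helper)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            if greeting:
                conn.sendall(greeting)
            conn.settimeout(5.0)
            try:
                conn.recv(1)  # hold the connection open until the probe hangs up
            except OSError:
                pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def demo():
    """Probe a greeting listener (like 143) and a silent one (like 993)."""
    plain = _listener(b"* OK IMAP4rev1 ready\r\n")  # constructed greeting
    silent = _listener(None)
    return probe_backend("127.0.0.1", plain), probe_backend("127.0.0.1", silent)

if __name__ == "__main__":
    print(demo())
```

Run from the proxy host against the real backend address, `probe_backend` tells you which port the auth script may hand back to nginx; a "silent" result means the backend leg needs a separate protected channel, such as the tunnel described in the reply.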