Welcome! Log In Create A New Profile

Advanced

Re: nginx_mail_proxy authenticate to imap_ssl upstream ssl

tom via nginx
July 20, 2017 10:46AM
Hello Maxim,is there any way with the stream module to get the authentication failures reported? As I did not get the authentication failure in my nginx log when using the stream module, I switched to the mail module. But my Backend speaks only IMAP-SSL, therefore this does not work.Any help is appreciated,Best regards,Thomas


Maxim Dounin <mdounin@mdounin.ru> schrieb am 15:59 Donnerstag, 20.Juli 2017:


Hello!

On Thu, Jul 20, 2017 at 09:17:02AM +0000, tom via nginx wrote:

> Hello list,
> I configured sucessfully the mail_proxy for nginx 1.10.2 von RHEL7, but authentication only succeeds if upstream server which is provided by the auth_http Server is cleartext, e.g. if the auth-server responds
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Status: OK"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Server: 192.168.0.200"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Port: 143"
> then everything works fine, but having
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Status: OK"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Server: 192.168.0.200"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Port: 993"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-SSL: on"
>
> I get
> 2017/07/20 11:03:47 [info] 9535#0: *49 upstream timed out (110: Connection timed out) while connecting to upstream, client: 192.168.0.200, server: 0..0.0.0:10993, login: "user@domain.com", upstream: 192.168.0.200:993
> When I directly do a
>
> openssl s_client -connect 192.168.0.200:993 -crlf
> I am able to login with
> . login user@domain.com password
>
> Any help is appreciated.

The "Auth-SSL" header is meaningful in auth_http requests, and
means that client used SSL.  It doesn't mean anything in
auth_http responses.

Moreover, connecting to SSL mail backends is not supported.  If you
really need it, consider connecting to a tunnel wich will do SSL
for you - for example, the stream module can be configured to do
this.

--
Maxim Dounin
http://nginx.org/


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

nginx_mail_proxy authenticate to imap_ssl upstream ssl

tom via nginx July 20, 2017 05:22AM

Re: nginx_mail_proxy authenticate to imap_ssl upstream ssl

Maxim Dounin July 20, 2017 10:00AM

Re: nginx_mail_proxy authenticate to imap_ssl upstream ssl

tom via nginx July 20, 2017 10:46AM

Re: nginx_mail_proxy authenticate to imap_ssl upstream ssl

Maxim Dounin July 20, 2017 11:44AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 119
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready