SMTP proxy with "STARTTLS only" accepts unencrypted mail

Marcus
June 03, 2019 04:18PM
Hello Nginx users,

I am trying to use nginx 1.10.3-1+deb9u2 (Debian 9 version) as an SMTP proxy in
front of a postfix server. I defined one server that should accept
encrypted connections only. Therefore I set "starttls only".

But this server also accepts plaintext mail. If I use telnet to test
the proxy, it offers STARTTLS, but I can relay a mail without using it.

Please see my config:

---
proxy_pass_error_message on;
ssl_certificate /etc/ssl/private/cert.pem;
ssl_certificate_key /etc/ssl/private/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
resolver 127.0.0.1 valid=30s;
smtp_capabilities "SIZE 51200000" ENHANCEDSTATUSCODES 8BITMIME DSN VRFY ETRN PIPELINING;

server {
    server_name test.myserver.com;
    auth_http localhost:10080/10.1.0.1-25;
    listen 10.1.0.1:25;
    protocol smtp;
    smtp_auth none;
    starttls only;
}
---

What can I do to enforce STARTTLS? Or did I miss something?

Greetings
Marcus


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
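
The telnet check described in the post, scripted so it can be repeated after each configuration change. This is an added example, not part of the original message and not nginx code. It assumes that a listener enforcing STARTTLS answers a cleartext MAIL FROM with the 530 reply from RFC 3207; the names `probe_plaintext_mail` and `ScriptedSession` and the `example.invalid` addresses are made up for illustration.

```python
import smtplib
import sys

def probe_plaintext_mail(smtp, sender="probe@example.invalid"):
    """Report how a listener answers MAIL FROM on a session that never ran STARTTLS.

    `smtp` is a connected smtplib.SMTP (or an object with the same
    ehlo/has_extn/docmd methods). Nothing is delivered: the transaction
    is reset immediately after the MAIL FROM reply.
    """
    code, _ = smtp.ehlo("probe.example.invalid")
    if not 200 <= code < 300:
        return {"verdict": "ehlo-failed", "starttls_offered": False, "mail_code": None}
    offered = smtp.has_extn("starttls")
    mail_code, _ = smtp.docmd("MAIL", "FROM:<%s>" % sender)
    smtp.docmd("RSET")
    if mail_code == 530:            # RFC 3207: "Must issue a STARTTLS command first"
        verdict = "enforced"
    elif 200 <= mail_code < 300:    # envelope accepted in cleartext
        verdict = "plaintext-accepted"
    else:                           # some other policy or temporary failure
        verdict = "inconclusive"
    return {"verdict": verdict, "starttls_offered": offered, "mail_code": mail_code}

class ScriptedSession:
    """Offline stand-in for smtplib.SMTP that replays constructed replies."""
    def __init__(self, extensions, mail_reply):
        self.extensions, self.mail_reply, self.sent = extensions, mail_reply, []
    def ehlo(self, name=""):
        return 250, b"constructed.example.invalid"
    def has_extn(self, name):
        return name.lower() in self.extensions
    def docmd(self, cmd, args=""):
        self.sent.append(cmd)
        return self.mail_reply if cmd == "MAIL" else (250, b"OK")

if __name__ == "__main__":
    if len(sys.argv) > 1:   # live check: python probe.py HOST [PORT]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
        with smtplib.SMTP(sys.argv[1], port, timeout=10) as session:
            result = probe_plaintext_mail(session)
    else:                   # offline demo with a constructed 250 reply
        result = probe_plaintext_mail(ScriptedSession({"starttls"}, (250, b"2.0.0 OK")))
    print(result)
    sys.exit(0 if result["verdict"] == "enforced" else 1)
```

A `plaintext-accepted` verdict with `starttls_offered` true reproduces the situation in the post: STARTTLS is advertised but the envelope is taken without it.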