Re: Nginx as reverse proxy mail server host

Francis Daly
July 02, 2020 05:06PM
On Thu, Jul 02, 2020 at 02:20:59PM -0400, siva.pannier wrote:

Hi there,

> I am trying to proxy a SMTP server on Nginx using the below configuration. I
> want all the client calls to hit the SMTP server via my proxy host. I want
> the SSL termination on nginx for the client calls to the SMTP Server.

Your config has nginx as an ssl-termination point, and nginx just sends
the decrypted traffic to its upstream.

The simplest way to prove that this works is probably to use a well-known
working client, such as "openssl s_client -connect".

> When I do the connection getting below exception even before the SSL
> handshake.. Please correct me if I am wrong anywhere.

There are two ways of doing ssl with smtp. One is to establish an ssl
session, and then "speak" smtp through that -- that is what you have
configured your nginx server to expect here. The other is to establish
an smtp session, and then use the smtp command "starttls" to establish an
ssl session -- that is what you have configured your client to do.

Things fail because nginx is expecting to see a ssl session being
established, but the client is expecting to see a smtp session being
established.

> Without SSL directive & Properties in nginx.conf, it works fine and able to
> do SSL handshake as well. Not sure how it would be a SSL connection, without
> the SSL directive and SSL properties.

In this case, nginx is acting as a plain tcp forwarder; it does not know
or care what is in the packet, it just copies it.

Now your client connects to nginx, and nginx sends the content to your
upstream. Your client says "starttls" and negotiates the ssl session
with your upstream, not with nginx.

What you have can work; but you must make sure that your design has the
client and the server speaking the same protocol with each other.

An alternative way of proxying smtp is described at
https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/

Good luck with it,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
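
The two modes described in the reply above can be told apart by who speaks first after the TCP connect. This is an added example, not part of the original post or of nginx: it reads what a listener sends unprompted and reports which mode it expects. The function names are hypothetical, and treating a silent listener as one that expects an ssl session first is a heuristic assumption.

```python
import socket
import ssl

def first_server_bytes(sock, wait=2.0):
    """Return what the server sends unprompted: bytes, b"" if closed, None if silent."""
    sock.settimeout(wait)
    try:
        return sock.recv(512)
    except socket.timeout:
        return None

def classify(banner):
    """Map the unprompted server bytes to the mode the listener expects."""
    if banner is None:
        # A listener that terminates ssl waits for the client's ClientHello.
        return "tls-first"
    if banner == b"":
        return "closed"
    if banner.startswith(b"220"):
        # Plain smtp greeting: ssl, if any, is negotiated later with "starttls".
        return "smtp-first"
    return "unknown"

def probe(host, port, wait=2.0):
    """Connect to a listener and return (mode, greeting text)."""
    with socket.create_connection((host, port), timeout=wait) as sock:
        banner = first_server_bytes(sock, wait)
        mode = classify(banner)
        if mode != "tls-first":
            return mode, (banner or b"").decode("ascii", "replace").strip()
        # Silent listener: do the ssl handshake, then expect the 220 inside it.
        # Certificate verification is on, so an untrusted cert raises ssl.SSLError.
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.settimeout(wait)
            greeting = tls.recv(512)
            return mode, greeting.decode("ascii", "replace").strip()

if __name__ == "__main__":
    import sys
    # Usage: python probe.py <host> <port>
    print(probe(sys.argv[1], int(sys.argv[2])))
```

A client configured for "starttls" only works against a listener that reports `smtp-first`; one that reports `tls-first` needs the client to open the ssl session before speaking smtp.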