imap authentication issue using nginx mail proxy
| January 15, 2024 07:28PM |
Registered: 3 months ago Posts: 1 |
I setup an Nginx proxy server to do SMTP/POP/IMAP authentication to upsteam mail servers. I have Smartermail and cPanel mail servers. I am able to get SMTP/POP working on both Smartermail and cPanel, however, I aways get "unable to log in at server, Probably wrong configuration, username and password" when testing IMAP for Smartermail. At soon as I switch upsteam mail server to cPanel in nginx authentication script, the same IMAP config works immediately.
===imap log when try through nginx proxy, this one show unable to login at server error in thunderbird, but log shows I was able to login===
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] response: * OK IMAP4rev1 SmarterMail
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] connected at 1/15/2024 3:26:04 PM
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] command: 39 LOGIN XXXX
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] response: + Ready
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] response: + Ready
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] response: 39 OK LOGIN completed
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] user@domain.com logged in
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] disconnected at 1/15/2024 3:26:04 PM
===imap log when try though mail server directly, I am able to login IMAP in thunderbird, the log is little different from failed one above===
[2024.01.15] 15:35:12.916 [client_ip][47578216] response: * OK IMAP4rev1 SmarterMail
[2024.01.15] 15:35:12.916 [client_ip][47578216] connected at 1/15/2024 3:35:12 PM
[2024.01.15] 15:35:12.932 [client_ip][47578216] command: 80 capability
[2024.01.15] 15:35:12.932 [client_ip][47578216] response: * CAPABILITY IMAP4rev1 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN SASL-IR UIDPLUS QUOTA MOVE XLIST CHILDREN ENABLE CONDSTORE X-SM-TAGS IDLE
[2024.01.15] 15:35:12.932 [client_ip][47578216] response: 80 OK CAPABILITY completed
[2024.01.15] 15:35:13.010 [client_ip][47578216] command: 81 authenticate PLAIN
[2024.01.15] 15:35:13.010 [client_ip][47578216] response: +
[2024.01.15] 15:35:13.010 [client_ip][47578216] PLAIN message received AHdlaUBjcGFuZWxyZXZpZXcuY29tAERNVkhmN0R0cndCWA==
[2024.01.15] 15:35:13.026 [client_ip][47578216] response: 81 OK PLAIN authentication successful
[2024.01.15] 15:35:13.026 [client_ip][47578216] user@domain.com logged in
[2024.01.15] 15:35:13.198 [client_ip][47578216] command: 82 logout
[2024.01.15] 15:35:13.198 [client_ip][47578216] response: * BYE IMAP4rev1 Server logging out
[2024.01.15] 82 OK LOGOUT completed15:35:13.198 [client_ip][47578216] disconnected at 1/15/2024 3:35:13 PM
===my nginx mail block===
mail {
server_name mail.myserverdomain.com;
auth_http http://localhost:8080/nginxmailauth.php;
proxy_pass_error_message on;
imap_capabilities "IMAP4rev1" "UIDPLUS" "IDLE" "LITERAL +" "QUOTA";
#imap_capabilities "IMAP4rev1" "AUTH=CRAM-MD5" "AUTH=NTLM" "AUTH=PLAIN" "UIDPLUS" "IDLE" "LITERAL +" "QUOTA" "SASL-IR" "MOVE" "XLIST" "CHILDREN" "ENABLE" "CONDSTORE" "X-SM-TAGS";
pop3_capabilities "LAST" "TOP" "USER" "PIPELINING" "UIDL";
smtp_capabilities "SIZE 10485760" "ENHANCEDSTATUSCODES" "8BITMIME" "DSN";
imap_auth plain login cram-md5;
pop3_auth plain apop cram-md5;
smtp_auth login plain cram-md5;
#imap_client_buffer 8k;
xclient off;
# The SSL part can be put in a separate configuration file,
# e.g., in the case of an SSL offloader / caching proxy.
# In that case, only the ssl_certificate* needs to be set here (or in server block.)
# The config assumes certificates in /etc/nginx/ssl/ and
# private keys in /etc/nginx/ssl/private/
# ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
## default SSL cert. Each host should have its own.
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
# SMTP settings
server {
protocol smtp;
listen my_server_ip:25;
proxy on;
proxy_smtp_auth on; # <- enable native SMTP AUTH, newer nginx ver support this
starttls on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 25;
auth_http_header User-Agent "mail.myserverdomain.com SMTP 25 proxy";
}
server {
protocol smtp;
listen my_server_ip:587;
proxy on;
proxy_smtp_auth on; # <- enable native SMTP AUTH, newer nginx ver support this
starttls on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 587;
auth_http_header User-Agent "mail.myserverdomain.com SMTP 587 proxy";
}
server {
protocol smtp;
listen my_server_ip:465 ssl;
proxy on;
proxy_smtp_auth on; # <- enable native SMTP AUTH, newer nginx ver support this
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 465;
auth_http_header User-Agent "mail.myserverdomain.com Secure SMTP 465 proxy";
}
## IMAP Settings
server {
protocol imap;
listen my_server_ip:143;
proxy on;
starttls on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 143;
auth_http_header User-Agent "mail.myserverdomain.com Secure IMAP 143 proxy";
}
server {
protocol imap;
listen my_server_ip:993 ssl;
proxy on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 993;
auth_http_header User-Agent "mail.myserverdomain.com Secure IMAP 993 proxy";
}
## POP Settings
server {
protocol pop3;
listen my_server_ip:110;
proxy on;
starttls on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 110;
auth_http_header User-Agent "mail.myserverdomain.com Secure POP 110 proxy";
}
server {
protocol pop3;
listen my_server_ip:995 ssl;
proxy on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 995;
auth_http_header User-Agent "mail.myserverdomain.com Secure POP 995 proxy";
}
}
===imap log when try through nginx proxy, this one show unable to login at server error in thunderbird, but log shows I was able to login===
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] response: * OK IMAP4rev1 SmarterMail
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] connected at 1/15/2024 3:26:04 PM
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] command: 39 LOGIN XXXX
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] response: + Ready
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] response: + Ready
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] response: 39 OK LOGIN completed
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] user@domain.com logged in
[2024.01.15] 15:26:04.297 [proxy_server_ip][12895394] disconnected at 1/15/2024 3:26:04 PM
===imap log when try though mail server directly, I am able to login IMAP in thunderbird, the log is little different from failed one above===
[2024.01.15] 15:35:12.916 [client_ip][47578216] response: * OK IMAP4rev1 SmarterMail
[2024.01.15] 15:35:12.916 [client_ip][47578216] connected at 1/15/2024 3:35:12 PM
[2024.01.15] 15:35:12.932 [client_ip][47578216] command: 80 capability
[2024.01.15] 15:35:12.932 [client_ip][47578216] response: * CAPABILITY IMAP4rev1 AUTH=CRAM-MD5 AUTH=NTLM AUTH=PLAIN SASL-IR UIDPLUS QUOTA MOVE XLIST CHILDREN ENABLE CONDSTORE X-SM-TAGS IDLE
[2024.01.15] 15:35:12.932 [client_ip][47578216] response: 80 OK CAPABILITY completed
[2024.01.15] 15:35:13.010 [client_ip][47578216] command: 81 authenticate PLAIN
[2024.01.15] 15:35:13.010 [client_ip][47578216] response: +
[2024.01.15] 15:35:13.010 [client_ip][47578216] PLAIN message received AHdlaUBjcGFuZWxyZXZpZXcuY29tAERNVkhmN0R0cndCWA==
[2024.01.15] 15:35:13.026 [client_ip][47578216] response: 81 OK PLAIN authentication successful
[2024.01.15] 15:35:13.026 [client_ip][47578216] user@domain.com logged in
[2024.01.15] 15:35:13.198 [client_ip][47578216] command: 82 logout
[2024.01.15] 15:35:13.198 [client_ip][47578216] response: * BYE IMAP4rev1 Server logging out
[2024.01.15] 82 OK LOGOUT completed15:35:13.198 [client_ip][47578216] disconnected at 1/15/2024 3:35:13 PM
===my nginx mail block===
mail {
server_name mail.myserverdomain.com;
auth_http http://localhost:8080/nginxmailauth.php;
proxy_pass_error_message on;
imap_capabilities "IMAP4rev1" "UIDPLUS" "IDLE" "LITERAL +" "QUOTA";
#imap_capabilities "IMAP4rev1" "AUTH=CRAM-MD5" "AUTH=NTLM" "AUTH=PLAIN" "UIDPLUS" "IDLE" "LITERAL +" "QUOTA" "SASL-IR" "MOVE" "XLIST" "CHILDREN" "ENABLE" "CONDSTORE" "X-SM-TAGS";
pop3_capabilities "LAST" "TOP" "USER" "PIPELINING" "UIDL";
smtp_capabilities "SIZE 10485760" "ENHANCEDSTATUSCODES" "8BITMIME" "DSN";
imap_auth plain login cram-md5;
pop3_auth plain apop cram-md5;
smtp_auth login plain cram-md5;
#imap_client_buffer 8k;
xclient off;
# The SSL part can be put in a separate configuration file,
# e.g., in the case of an SSL offloader / caching proxy.
# In that case, only the ssl_certificate* needs to be set here (or in server block.)
# The config assumes certificates in /etc/nginx/ssl/ and
# private keys in /etc/nginx/ssl/private/
# ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
## default SSL cert. Each host should have its own.
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
# SMTP settings
server {
protocol smtp;
listen my_server_ip:25;
proxy on;
proxy_smtp_auth on; # <- enable native SMTP AUTH, newer nginx ver support this
starttls on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 25;
auth_http_header User-Agent "mail.myserverdomain.com SMTP 25 proxy";
}
server {
protocol smtp;
listen my_server_ip:587;
proxy on;
proxy_smtp_auth on; # <- enable native SMTP AUTH, newer nginx ver support this
starttls on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 587;
auth_http_header User-Agent "mail.myserverdomain.com SMTP 587 proxy";
}
server {
protocol smtp;
listen my_server_ip:465 ssl;
proxy on;
proxy_smtp_auth on; # <- enable native SMTP AUTH, newer nginx ver support this
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 465;
auth_http_header User-Agent "mail.myserverdomain.com Secure SMTP 465 proxy";
}
## IMAP Settings
server {
protocol imap;
listen my_server_ip:143;
proxy on;
starttls on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 143;
auth_http_header User-Agent "mail.myserverdomain.com Secure IMAP 143 proxy";
}
server {
protocol imap;
listen my_server_ip:993 ssl;
proxy on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 993;
auth_http_header User-Agent "mail.myserverdomain.com Secure IMAP 993 proxy";
}
## POP Settings
server {
protocol pop3;
listen my_server_ip:110;
proxy on;
starttls on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 110;
auth_http_header User-Agent "mail.myserverdomain.com Secure POP 110 proxy";
}
server {
protocol pop3;
listen my_server_ip:995 ssl;
proxy on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 995;
auth_http_header User-Agent "mail.myserverdomain.com Secure POP 995 proxy";
}
}
| Subject | Author | Posted |
|---|---|---|
|
garconcn | January 15, 2024 07:28PM |
Sorry, only registered users may post in this forum.
Online Users
Guests:
191
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|