Mail proxy the destination server by ssl (Postfix)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Mail proxy the destination server by ssl (Postfix)

sonpg
Hi everyone, 
I’m trying to mail-proxy by ssl connection from the nginx server to the
postfix server.
Please let me ask some question.

SMTPS(465)->| nginx |--SMTPS(465)->| Postfix |

Question1:
I found this issue. The mail module cannot proxy to the destination server
by ssl, right?
https://forum.nginx.org/read.php?2,232147,232466#msg-232466


Question2:
I tried the another way to use the stream server, but I could not proxy
(The connection timeout is occurred.)

How can i fix it?

SMTPS(465)->| mail -> upstream(20465)| --SMTPS(465)->| Postfix |

<nginx.conf>
load_module "modules/ngx_stream_module.so";
 
worker_processes auto;
error_log  /var/log/nginx/error.log warn;
 
events {
  worker_connections 1024;
}
stream {
  upstream smtps_server {
    server postfix_server:465;
  }
  server {
    listen 20465;
    proxy_pass smtps_server;
    proxy_ssl  on;
 
    proxy_ssl_certificate      /etc/nginx/ssl/server.crt;
    proxy_ssl_certificate_key  /etc/nginx/ssl/server.key;
    error_log   /var/log/nginx/mail-tcp-proxy.log info;
  }
}
 
mail {
  auth_http localhost:80/auth/smtp;
  proxy_pass_error_message on;
  proxy on;
  smtp_auth login plain;
  xclient   on;
  server_name nginx_server;
 
  server {
      listen    25;
      protocol  smtp;
  }
  server {
      listen    465;
      protocol  smtp;
      ssl       on;
      ssl_certificate      /etc/nginx/ssl/server.crt;
      ssl_certificate_key  /etc/nginx/ssl/server.key;
  }
}


Thank you for your time.
Azusa Taroura

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278532,278532#msg-278532

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Mail proxy the destination server by ssl (Postfix)

Maxim Dounin
Hello!

On Tue, Feb 13, 2018 at 02:39:10AM -0500, Azusa Taroura wrote:

> Hi everyone, 
> I’m trying to mail-proxy by ssl connection from the nginx server to the
> postfix server.
> Please let me ask some question.
>
> SMTPS(465)->| nginx |--SMTPS(465)->| Postfix |
>
> Question1:
> I found this issue. The mail module cannot proxy to the destination server
> by ssl, right?
> https://forum.nginx.org/read.php?2,232147,232466#msg-232466

Yes, only non-SSL backends are supported.

> Question2:
> I tried the another way to use the stream server, but I could not proxy
> (The connection timeout is occurred.)
>
> How can i fix it?
>
> SMTPS(465)->| mail -> upstream(20465)| --SMTPS(465)->| Postfix |

[...]

The configuration provided looks fine, at least I see no obvious
errors.  Try looking into more details on where the timeout
occurs.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Mail proxy the destination server by ssl (Postfix)

sonpg
Thank you for your reply!

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,278532,278655#msg-278655

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx