Mail proxy with SNI

Phil Pennock nginx+phil at
Sat Mar 30 00:11:56 UTC 2013

On 2013-03-30 at 02:24 +0400, Valentin V. Bartenev wrote:
> On Saturday 30 March 2013 01:30:21 lblankers wrote:
> > I would like to use nginx 1.2.1 with TLS SNI support to proxy SMTP
> > submission for several different domains over SSL. I would expect that if I
> > configure multiple servers with different server names that a TLS v1 client
> > will select the correct one through SNI. However I always get the first
> > certificate regardless of the hostname specified in ClientHello.
> > 
> > Is there something wrong with my config?
> > 
> The problem is that TLS SNI currently is not supported in mail proxy.

If someone needs TLS SNI with SMTP right now, Exim supports this.  It's
not designed to be as scalable as nginx in performance, but it does okay
for most folks' purposes.

(Support added in 4.80, released 2012-05-31; 4.80.1 is current)

More information about the nginx mailing list