Mail proxy with SNI

lblankers nginx-forum at nginx.us
Sat Mar 30 08:33:30 UTC 2013


On March 29, 2013 08:14PM Phil Pennock wrote:
> On 2013-03-30 at 02:24 +0400, Valentin V. Bartenev wrote:
> > On Saturday 30 March 2013 01:30:21 lblankers wrote:
> > > I would like to use nginx 1.2.1 with TLS SNI support to proxy SMTP
> > > submission for several different domains over SSL. I would expect that
if I
> > > configure multiple servers with different server names that a TLS v1
client
> > > will select the correct one through SNI. However I always get the
first
> > > certificate regardless of the hostname specified in ClientHello.
> > >
> > > Is there something wrong with my config?
> > >
> >
> > The problem is that TLS SNI currently is not supported in mail proxy.
> 
> If someone needs TLS SNI with SMTP right now, Exim supports this. It's
> not designed to be as scalable as nginx in performance, but it does okay
> for most folks' purposes.

Thanks for clearing that up. I would prefer to use nginx rather than switch

to Exim because I would like to use nginx to proxy IMAP using SSL SNI 
as well. Would it be possible to add SNI to the mail proxy?

I am doing this as a hobby project rather than professionally so getting 
multiple IPs in order to host multiple domains is prohibitively expensive. 
Both in one time cost (~ € 100) and recurring cost (€ 2.50 / month / IP). 
So if someone could suggest a cheaper solution (e.g. sponsoring a 
developer to add this feature) I would very much appreciate that.

Laurens

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,237967,237972#msg-237972



More information about the nginx mailing list