mail proxy to 3rd party using ssl

Maxim Dounin mdounin at mdounin.ru
Tue Sep 3 12:01:41 UTC 2013


Hello!

On Tue, Sep 03, 2013 at 01:22:36AM -0400, rmombassa wrote:

> I am setting up nginx as POP3 mail proxy to two 3rd party mail servers.
> Different domains, one of them uses SSL.
> 
> Since I do not have that 3rd party's SSL certificate I use my own company
> certificate in nginx. That cert is properly signed but obviousy belongs to
> another domain (our domain).
> 
> If I connect to the non-ssl server through nginx all works fine (port 110 on
> nginx and 3rd party server).
>  
> If I connect to the ssl domain through nginx  (port 995 on nginx and 3rd
> party server) I seem to not get a response from the 3rd party server. The
> authentication routine on connection establishment is properly called by
> nginx (correct uname/pw) and it returns that the user is OK (correct 3rd
> party IP address is returned as well).
> 
> Using the email client without proxy works fine, meaning: uname/pw are
> correct.
> 
> Questions:
> - Is such configuration possible at all (ssl to 3rd party server without
> having that server's certificate installed on nginx)?
> - Is nginx in this configurtion a man-in-the middle? Could that be a
> problem?
> - Any idea how to further debug?

The main problem you are facing right now is that nginx doesn't 
support SSL mail backends.

And as far as I understand the description of what you are trying to 
do, it's a MITM, and it's not going to work unless you control 
clients and can convince them to accept your certificate.  But 
it's likely not a problem as you already have everything working 
with non-ssl backends.

-- 
Maxim Dounin
http://nginx.org/en/donation.html



More information about the nginx mailing list