steve at greengecko.co.nz
Mon Jun 1 05:01:09 UTC 2015
On 31/05/15 11:58, dethegeek wrote:
> I'm setting up nginx as a reverse proxy for a postfix / dovecot setup.
> My imap server requires STARTTLS usage. Nginx seems to not issue STARTTLS
> command before forwarding users credentials.
> Here is the error I found in /var/log/nginx/error.log
> [error] 928#0: *20 upstream sent invalid response: "* BAD [ALERT] Plaintext
> authentication not allowed without SSL/TLS, but your client did it anyway.
> If anyone was listening, the password was exposed.
> I did not found anything in the documentation to ask nginx to issue STARTTLS
> command to the upstream server. Is there a way to achieve this ?
> I did not tried pop3 yet, but I'm expecting the same annoyance. and the same
> answer; let me know if I'm wrong.
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,259279,259279#msg-259279
Try the wiki. Specifically
Steve Holdoway BSc(Hons) MIITP
More information about the nginx