SMTP proxy with "STARTTLS only" accepts unencrypted mail

itpp2012 nginx-forum at forum.nginx.org
Wed Jun 5 20:37:43 UTC 2019


You might be better of with nginx stream to offload (ssl/tls), all of it is
then encrypted.

stream {
  upstream backendsmtp {
    server 192.168.3.32:25;
  }
  server {
    listen 1234 ssl;
    ssl_certificate /nginx/crts/global1.cert;
    ssl_certificate_key /nginx/crts/global1.key;
    include /nginx/conf/sslciphers.conf;
    proxy_pass backendsmtp;
....................

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,284426,284468#msg-284468



More information about the nginx mailing list