Nginx as reverse proxy mail server host

siva.pannier nginx-forum at forum.nginx.org
Thu Jul 2 18:20:59 UTC 2020


Hi, 

I am trying to proxy a SMTP server on Nginx using the below configuration. I
want all the client calls to hit the SMTP server via my proxy host. I want
the SSL termination on nginx for the client calls to the SMTP Server.

When I do the connection getting below exception even before the SSL
handshake.. Please correct me if I am wrong anywhere. 

Without SSL directive & Properties in nginx.conf, it works fine and able to
do SSL handshake as well. Not sure how it would be a SSL connection, without
the SSL directive and SSL properties.

Java Error
########
javax.mail.MessagingException: Could not connect to SMTP host: localhost,
port: 3001, response: -1
	at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2197)
	at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:740)
	at javax.mail.Service.connect(Service.java:388)
	at javax.mail.Service.connect(Service.java:246)
	at javax.mail.Service.connect(Service.java:195)
	at javax.mail.Transport.send0(Transport.java:254)
	at javax.mail.Transport.send(Transport.java:124)
	at com.att.client.smtp.SMTPTestClient.main(SMTPTestClient.java:50)

nginx.conf
########
stream{
    upstream smtp_backend {
                least_conn;
		server smtp.gmail.com:587;
         }
	
	server {
        listen        3001 ssl;
        proxy_pass    smtp_backend;
		
	ssl_certificate       C:/nginx-selfsigned.crt;
	ssl_certificate_key   C:/nginx-selfsigned.key;
        ssl_protocols         SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers           ALL;
	#ssl_ciphers           HIGH:!aNULL:!MD5;
        ssl_session_cache     shared:SSL:20m;
        ssl_session_timeout   4h;
        ssl_handshake_timeout 30s;			
    }
}

Java client code
#############
..
..
        Properties prop = new Properties();
	//prop.put("mail.smtp.host", "smtp.gmail.com");
	prop.put("mail.smtp.host", "localhost");
 	//prop.put("mail.smtp.port", "587");
	prop.put("mail.smtp.port", "3001");
        prop.put("mail.smtp.auth", "true");
        prop.put("mail.smtp.starttls.enable", "true"); //TLS
        //prop.put("mail.smtp.starttls.required", "true");
        
        Session session = Session.getInstance(prop,
                new javax.mail.Authenticator() {
                    protected PasswordAuthentication
getPasswordAuthentication() {
                        return new PasswordAuthentication(username,
password);
                    }
                });

        try {

            Message message = new MimeMessage(session);
            message.setFrom(new InternetAddress("siva.pannier at gmail.com"));
            message.setRecipients(
                    Message.RecipientType.TO,
                    InternetAddress.parse("siva.pannier at in.ibm.com")
            );
            message.setSubject("Testing Gmail TLS from nginx");
            message.setText("Dear Mail Crawler,"
                    + "\n\n Please do not spam my email!");

            Transport.send(message);

            System.out.println("Done");
...
....

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288532,288532#msg-288532



More information about the nginx mailing list