Mail proxy with SNI

lblankers nginx-forum at nginx.us
Fri Mar 29 21:30:21 UTC 2013


Hi,

I would like to use nginx 1.2.1 with TLS SNI support to proxy SMTP
submission for several different domains over SSL. I would expect that, if I
configure multiple servers with different server names, a TLS v1 client
will select the correct one through SNI. However, I always get the first
certificate regardless of the hostname specified in ClientHello.

Is there something wrong with my config?

mail {
        auth_http       127.0.0.1/auth.php;

        smtp_auth               login plain;
        smtp_capabilities       "SIZE 10240000" "VRFY" "ETRN" "ENHANCEDSTATUSCODES" "8BITMIME" "DSN";

        server {
                listen                  587;
                server_name             domain1.nl;
                protocol                smtp;
                proxy                   on;
                starttls                only;
                ssl_certificate         /etc/nginx/ssl/domain1.crt;
                ssl_certificate_key     /etc/nginx/ssl/domain1.key;
        }

        server {
                listen                  587;
                server_name             domain2.com;
                protocol                smtp;
                proxy                   on;
                starttls                only;
                ssl_certificate         /etc/nginx/ssl/domain2.crt;
                ssl_certificate_key     /etc/nginx/ssl/domain2.key;
        }

}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,237967,237967#msg-237967
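
One way to reproduce the symptom described in the post, as an added example that is not part of the original message: the script speaks SMTP up to STARTTLS, sends a chosen SNI name in the ClientHello, and records which certificate comes back for each name. The host, port and all function names are assumptions made for illustration; the two names are the `server_name` values from the posted config.

```python
import hashlib
import socket
import ssl

def reply_code(buf):
    """Return the SMTP status code once buf holds a complete reply, else None.
    Continuation lines look like b"250-..." and the final line like b"250 ..."."""
    if not buf.endswith(b"\r\n"):
        return None
    last = buf[:-2].split(b"\r\n")[-1]
    return int(last[:3]) if last[3:4] in (b" ", b"") else None

def command(sock, line, expect):
    """Send one command (or only read the banner if line is None) and check the code."""
    if line is not None:
        sock.sendall(line + b"\r\n")
    buf = b""
    while reply_code(buf) is None:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    if reply_code(buf) != expect:
        raise RuntimeError(f"expected {expect}, got {buf!r}")

def served_cert_fingerprint(host, port, sni):
    """SHA-256 of the leaf certificate presented after STARTTLS for this SNI name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # diagnostic only: we want to see whichever
    ctx.verify_mode = ssl.CERT_NONE  # certificate is served, matching or not
    with socket.create_connection((host, port), timeout=10) as sock:
        command(sock, None, 220)                         # greeting banner
        command(sock, b"EHLO sni-check.invalid", 250)
        command(sock, b"STARTTLS", 220)
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def sni_verdict(fingerprints):
    """fingerprints: {sni_name: sha256 hex}. Group names by the certificate they got."""
    by_cert = {}
    for name, fp in fingerprints.items():
        by_cert.setdefault(fp, []).append(name)
    shared = [sorted(names) for names in by_cert.values() if len(names) > 1]
    return {"sni_honoured": not shared, "shared_certificate": shared}

if __name__ == "__main__":
    HOST, PORT = "127.0.0.1", 587          # assumption: address of the proxy under test
    names = ["domain1.nl", "domain2.com"]  # server_name values from the posted config
    print(sni_verdict({n: served_cert_fingerprint(HOST, PORT, n) for n in names}))
```

A result with both names listed under `shared_certificate` matches the behaviour reported above: the same certificate is served whatever name the client sends.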