Mail proxy with SNI
lblankers
nginx-forum at nginx.us
Fri Mar 29 21:30:21 UTC 2013
Hi,
I would like to use nginx 1.2.1 with TLS SNI support to proxy SMTP
submission for several different domains over SSL. I would expect that if I
configure multiple servers with different server names that a TLS v1 client
will select the correct one through SNI. However I always get the first
certificate regardless of the hostname specified in ClientHello.
Is there something wrong with my config?
mail {
auth_http 127.0.0.1/auth.php;
smtp_auth login plain;
smtp_capabilities "SIZE 10240000" "VRFY" "ETRN"
"ENHANCEDSTATUSCODES" "8BITMIME" "DSN";
server {
listen 587;
server_name domain1.nl;
protocol smtp;
proxy on;
starttls only;
ssl_certificate /etc/nginx/ssl/domain1.crt;
ssl_certificate_key /etc/nginx/ssl/domain1.key;
}
server {
listen 587;
server_name domain2.com;
protocol smtp;
proxy on;
starttls only;
ssl_certificate /etc/nginx/ssl/domain2.crt;
ssl_certificate_key /etc/nginx/ssl/domain2.key;
}
}
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,237967,237967#msg-237967
More information about the nginx
mailing list