mail proxy to 3rd party using ssl
Maxim Dounin
mdounin at mdounin.ru
Tue Sep 3 12:01:41 UTC 2013
Hello!
On Tue, Sep 03, 2013 at 01:22:36AM -0400, rmombassa wrote:
> I am setting up nginx as POP3 mail proxy to two 3rd party mail servers.
> Different domains, one of them uses SSL.
>
> Since I do not have that 3rd party's SSL certificate I use my own company
> certificate in nginx. That cert is properly signed but obviousy belongs to
> another domain (our domain).
>
> If I connect to the non-ssl server through nginx all works fine (port 110 on
> nginx and 3rd party server).
>
> If I connect to the ssl domain through nginx (port 995 on nginx and 3rd
> party server) I seem to not get a response from the 3rd party server. The
> authentication routine on connection establishment is properly called by
> nginx (correct uname/pw) and it returns that the user is OK (correct 3rd
> party IP address is returned as well).
>
> Using the email client without proxy works fine, meaning: uname/pw are
> correct.
>
> Questions:
> - Is such configuration possible at all (ssl to 3rd party server without
> having that server's certificate installed on nginx)?
> - Is nginx in this configurtion a man-in-the middle? Could that be a
> problem?
> - Any idea how to further debug?
The main problem you are facing right now is that nginx doesn't
support SSL mail backends.
And as far as I understand the description of what you are trying to
do, it's a MITM, and it's not going to work unless you control
clients and can convince them to accept your certificate. But
it's likely not a problem as you already have everything working
with non-ssl backends.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx
mailing list