nginx_mail_proxy authenticate to imap_ssl upstream ssl
Maxim Dounin
mdounin at mdounin.ru
Thu Jul 20 13:59:48 UTC 2017
Hello!
On Thu, Jul 20, 2017 at 09:17:02AM +0000, tom via nginx wrote:
> Hello list,
> I configured sucessfully the mail_proxy for nginx 1.10.2 von RHEL7, but authentication only succeeds if upstream server which is provided by the auth_http Server is cleartext, e.g. if the auth-server responds
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Status: OK"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Server: 192.168.0.200"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Port: 143"
> then everything works fine, but having
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Status: OK"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Server: 192.168.0.200"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Port: 993"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-SSL: on"
>
> I get
> 2017/07/20 11:03:47 [info] 9535#0: *49 upstream timed out (110: Connection timed out) while connecting to upstream, client: 192.168.0.200, server: 0.0.0.0:10993, login: "user at domain.com", upstream: 192.168.0.200:993
> When I directly do a
>
> openssl s_client -connect 192.168.0.200:993 -crlf
> I am able to login with
> . login user at domain.com password
>
> Any help is appreciated.
The "Auth-SSL" header is meaningful in auth_http requests, and
means that client used SSL. It doesn't mean anything in
auth_http responses.
Moreover, connecting to SSL mail backends is not supported. If you
really need it, consider connecting to a tunnel wich will do SSL
for you - for example, the stream module can be configured to do
this.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list