nginx_mail_proxy authenticate to imap_ssl upstream ssl

tom director_de at yahoo.de
Thu Jul 20 14:41:10 UTC 2017 

Hello Maxim,is there any way with the stream module to get the authentication failures reported? As I did not get the authentication failure in my nginx log when using the stream module, I switched to the mail module. But my Backend speaks only IMAP-SSL, therefore this does not work.Any help is appreciated,Best regards,Thomas
 

    Maxim Dounin <mdounin at mdounin.ru> schrieb am 15:59 Donnerstag, 20.Juli 2017:
 

 Hello!

On Thu, Jul 20, 2017 at 09:17:02AM +0000, tom via nginx wrote:

> Hello list,
> I configured sucessfully the mail_proxy for nginx 1.10.2 von RHEL7, but authentication only succeeds if upstream server which is provided by the auth_http Server is cleartext, e.g. if the auth-server responds
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Status: OK"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Server: 192.168.0.200"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Port: 143"
> then everything works fine, but having
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Status: OK"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Server: 192.168.0.200"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-Port: 993"
> 2017/07/20 11:02:47 [debug] 9535#0: *49 mail auth http header: "Auth-SSL: on"
> 
> I get 
> 2017/07/20 11:03:47 [info] 9535#0: *49 upstream timed out (110: Connection timed out) while connecting to upstream, client: 192.168.0.200, server: 0.0.0.0:10993, login: "user at domain.com", upstream: 192.168.0.200:993
> When I directly do a 
> 
> openssl s_client -connect 192.168.0.200:993 -crlf
> I am able to login with
> . login user at domain.com password
> 
> Any help is appreciated.

The "Auth-SSL" header is meaningful in auth_http requests, and 
means that client used SSL.  It doesn't mean anything in 
auth_http responses.

Moreover, connecting to SSL mail backends is not supported.  If you 
really need it, consider connecting to a tunnel wich will do SSL 
for you - for example, the stream module can be configured to do 
this.

-- 
Maxim Dounin
http://nginx.org/


   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170720/1a503215/attachment.html>

More information about the nginx mailing list