SMTP Proxy - STARTTLS offer on per IP base

ramber nginx-forum at
Mon Aug 19 12:48:28 UTC 2019

Hello list,

We've setup a nginx reverse smtp proxy to load balance incoming access to
our mailservers.
Everything is fine... until 

Some remote sites have broken tls setups and can't deliver mails anymore.
Some didn't accept Let's Encrypt as CA for instance.
Now I'm searching a way to not provide STARTTLS to them. 
The AUTH Methode is to late here because it will be started after "rcpto
Is there way to call an "Auth Script" after Client-Helo and decide whether
dto send STARTTLS Option or not?

I know i can do some redirect with the firewall but i would like to add some
logic to the desition to provide STARTTLS or not.

Tnx for reading .

Posted at Nginx Forum:,285338,285338#msg-285338

More information about the nginx mailing list