On Thu, Jul 02, 2020 at 02:20:59PM -0400, siva.pannier wrote:

Hi there,

> I am trying to proxy a SMTP server on Nginx using the below configuration. I
> want all the client calls to hit the SMTP server via my proxy host. I want
> the SSL termination on nginx for the client calls to the SMTP Server.

Your config has nginx as an ssl-termination point, and nginx just sends
the decrypted traffic to its upstream.

The simplest way to prove that this works is probably to use a well-known
working client, such as "openssl s_client -connect".

> When I do the connection getting below exception even before the SSL
> handshake.. Please correct me if I am wrong anywhere.

There are two ways of doing ssl with smtp.

One is to establish a ssl session, and then "speak" smtp through that --
that is what you have configured your nginx server to expect here.

The other is to establish a smtp session, and then use the smtp command
"starttls" to establish a ssl session -- that is what you have configured
your client to do.

Things fail because nginx is expecting to see a ssl session being
established, but the client is expecting to see a smtp session being
established.

> Without SSL directive & Properties in nginx.conf, it works fine and able to
> do SSL handshake as well. Not sure how it would be a SSL connection, without
> the SSL directive and SSL properties.

In this case, nginx is acting as a plain tcp forwarder; it does not know
or care what is in the packet, it just copies it.

Now your client connects to nginx, and nginx sends the content to your
upstream. Your client says "starttls" and negotiates the ssl session with
your upstream, not with nginx.

What you have can work; but you must make sure that your design has the
client and the server speaking the same protocol with each other.

An alternative way of proxying smtp is described at
https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/

Good luck with it,

	f
-- 
Francis Daly        [email protected]
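
The mismatch described in the reply above can be checked from the client side before changing any configuration. The following Python sketch is an added example, not part of the original message or of nginx: the function names, the mode labels and the local stand-in listeners are assumptions for illustration, and a silent listener is only consistent with an ssl listener, not proof of one.

```python
import socket
import threading

def probe_listener(host, port, wait=1.0):
    """Report what the listener does before the client sends a single byte."""
    with socket.create_connection((host, port), timeout=wait) as s:
        try:
            data = s.recv(512)
        except socket.timeout:
            # Silence: consistent with a TLS listener waiting for a ClientHello.
            return "waits-for-tls"
    if data.startswith(b"220"):
        return "smtp-banner"  # plaintext SMTP greeting; STARTTLS may follow
    return "closed" if not data else "unknown"

# Listener behaviour each client mode needs in order to proceed (labels are ours).
EXPECTED = {"starttls": "smtp-banner", "implicit-tls": "waits-for-tls"}

def check_match(client_mode, host, port, wait=1.0):
    """Return (ok, seen): whether the listener suits the configured client mode."""
    seen = probe_listener(host, port, wait)
    return seen == EXPECTED[client_mode], seen

def demo_listener(banner):
    """Constructed local stand-in for a listener; returns its (host, port).

    banner=b"220 ..." imitates a plaintext SMTP port; banner=None imitates
    an ssl listener that stays silent until the client starts a handshake.
    """
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            try:
                with conn:
                    if banner:
                        conn.sendall(banner)
                    conn.recv(512)  # block until the client sends or leaves
            except OSError:
                pass  # a dropped probe connection must not stop the listener
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

if __name__ == "__main__":
    plain = demo_listener(b"220 demo.invalid ESMTP\r\n")
    tls_like = demo_listener(None)
    for mode in EXPECTED:
        for name, addr in (("plain", plain), ("tls-like", tls_like)):
            print(mode, "client ->", name, "listener:", check_match(mode, *addr, wait=0.5))
```

A `starttls` client pointed at a listener that reports `waits-for-tls` is the failing combination from the thread: each side waits for the other to speak first.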
