Hello!
On Sat, Jan 06, 2024 at 11:03:47AM -0800, Jeff Kletsky wrote:
> I believe I have properly configured nginx v1.24.0 (open source) for
> IMAP proxy on FreeBSD 14.0. I am, however, unable to establish a TLS
> connection to the upstream server.
>
> I have confirmed that I
I believe I have properly configured nginx v1.24.0 (open source) for
IMAP proxy on FreeBSD 14.0. I am, however, unable to establish a TLS
connection to the upstream server.
I have confirmed that I can connect to the proxy with TLS and that the
auth server is called. The auth server returns
Hi list,
IMAP servers (dovecot, cyrus...) rely on SASL authentication.
The SASL specs let the client requests a different identity than the one
used for authentication.
RFC 3501 says : The authorization identity passed from the client to the
server during the authentication exchange is interpret
t logs the remote IP correctly, and not
127.0.0.1. So, I know my set-up us working fine.
However, there is a bug in SOGo, because the command is sent only after
authentication, and Dovecot logs the remote IP as 127.0.0.1.
Is there any way, by using nginx as an IMAP proxy, to inject the remote
I am setting up an nginx SMTP proxy and using XCLIENT to get the real
client info to the backend Postfix servers. I'm interested in also
using it for POP3 and IMAP to backend Dovecot servers - it looks like
Dovecot supports XCLIENT in POP3 and ID in IMAP to pass the same real
info. Is there any s
How exactly I can do a wireshark against ssl chart?
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,276771,276783#msg-276783
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
I used tcpdump and ssldump
ssldump -nr /var/tmp/www-ssl-client.cap
New TCP connection #1: 52.166.193.38(14104) <-> 10.32.20.102(993)
1 1 0.0187 (0.0187) C>S Handshake
ClientHello
Version 3.3
resume [32]=
39 27 b8 51 63 0d 88 f5 47 fa 05 41 d0 b7 ac 3e
On 10/09/17 09:45, bobykus wrote:
> Looks like since mid of Sept we can not use nginx as an imap(s) proxy for
> mobile outlook apps (both IOS and Android ).
> SSL handshake is just dropping like
Try to setup a test https site on the same nginx with the same ssl
setting and access this site using
Looks like since mid of Sept we can not use nginx as an imap(s) proxy for
mobile outlook apps (both IOS and Android ).
SSL handshake is just dropping like
2017/10/09 15:32:01 [debug] 30391#0: *184 accept: 52.166.246.73 fd:44
2017/10/09 15:32:01 [info] 30391#0: *184 client 52.166.246.73 connecte
for note, the client is saslauthd from cyrus-sasl package running with -a rimap
Цитирование Maxim Dounin :
> Hello!
> On Wed, Apr 06, 2016 at 06:32:25PM +0300, Дениска-редиска wrote:
> > Hello,
> >
> > looks like there is a bug in nginx 1.8.1 in mail proxy code which used for
> > authorizat
Hello!
On Wed, Apr 06, 2016 at 06:32:25PM +0300, Дениска-редиска wrote:
> Hello,
>
> looks like there is a bug in nginx 1.8.1 in mail proxy code which used for
> authorization:
> backslash becomes stripped from password when quoted in imap command:
>
> * OK IMAP4 ready
> p LOGIN "testdev" ",\R
respectivelly
nginx conf is as following:
mail {
server {
listen 127.0.0.1:143;
server_name mail.example.com;
auth_http 127.0.0.1:900/auth;
protocol imap;
proxy on;
}
}
___
nginx mai
>From what I can see in the forum archives, the mail/imap proxy does not
support encrypted connections to a backend imap server. This still appears
to be the case with the latest mainline version. Are there any plans to add
that? It would be really great if our nginx imap proxy server co
Hello!
On Fri, Nov 07, 2014 at 03:34:48PM +0100, Andrea wrote:
> Hello,
> I'm using with satisfaction nginx as pop3 and imap proxy of 4/5 mailservers.
>
> I have just one problem:
> when one server is down, nginx can't authenticate the user and the user
> mail clien
Hello,
I'm using with satisfaction nginx as pop3 and imap proxy of 4/5 mailservers.
I have just one problem:
when one server is down, nginx can't authenticate the user and the user
mail client request the password as if it's wrong.
Without nginx, if one server is down, the user jus
Hi Falko
On 23/10/14 12:26, Falko Koenig wrote:
> Thank you for your help. These options we have already tried. We had the
> same problem using a socket and increasing the option
> net.ipv4.ip_local_port_range didn't help. In the setup we're already
> using loadbalancer to balance the traffic on d
Hi Dominic,
> On 23/10/14 10:32, Dominic wrote:
>
> Dear Falko
>
> My random guess.
>
> Linux has a maximum of open connections.
> You can get the number by the following command:
>
> sysctl net.ipv4.ip_local_port_range
> > net.ipv4.ip_local_port_range = 3276861000
>
> The default on my host a
Dear Falko
On 23/10/14 09:06, Falko Koenig wrote:
> Hello,
>
> we are using nginx as imap and pop3 proxy with a ldap database querying
> the correct destination server for the user. LDAP Requests are realized
> by a perl script for using different LDAP servers. We have noticed that
> nginx has te
Hello,
we are using nginx as imap and pop3 proxy with a ldap database querying
the correct destination server for the user. LDAP Requests are realized
by a perl script for using different LDAP servers. We have noticed that
nginx has temporarily timeouts querying the LDAP server. The timeouts
occur
Hello!
On Mon, Jan 20, 2014 at 05:31:30PM -0500, bidwell wrote:
> I have nginx proxying imap and pop between 3 different backend servers, but
> it seems to be limited to about 210 concurrent connections. Requests beyond
> this get a connection timed out. I tried adding more worker processes but
I have nginx proxying imap and pop between 3 different backend servers, but
it seems to be limited to about 210 concurrent connections. Requests beyond
this get a connection timed out. I tried adding more worker processes but
that didn't do anything. I have multi_accept on and have raised the nu
Hello!
On Wed, Dec 11, 2013 at 01:12:26PM -0500, volga629 wrote:
> Hello Maxim,
> Usually is normal setup of EOip tunnels though transport ipsec (transparent
> lan). And from security prospective the most bigger threat is coming from
> inside. Outside intrusion possible, but it match more compli
Hello Maxim,
Usually is normal setup of EOip tunnels though transport ipsec (transparent
lan). And from security prospective the most bigger threat is coming from
inside. Outside intrusion possible, but it match more complicated.
I confirm that plain 143 proxy working good. I just wonder about thi
o sniff traffic for plain 143. Is no really big sense to
> use proxy for services located on same physical server.
The imap proxy is to route clients to different backend servers in
a big farm, typically sitting on the same non-hostile network with
the proxy.
If for some reason you are using b
Hello Maxim,
Thank you for answer.
When user connect to proxy with SSL on backend it get destibuted in clear
text ? If final server is DR server which another part of the world, there
a lot of places to sniff traffic for plain 143. Is no really big sense to
use proxy for services located on same
Hello!
On Thu, Dec 05, 2013 at 10:51:04AM -0500, volga629 wrote:
> Hello Everyone,
> Is mail imap proxy supports SSL or STARTTLS for connections to backend
> server ?
No. SSL/STARTTLS is only supported for client connections. Backend
network is assumed to be non-hostile.
--
Max
Hello Everyone,
Is mail imap proxy supports SSL or STARTTLS for connections to backend
server ?
Slava.
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,245255,245255#msg-245255
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org
27 matches
Mail list logo
