
Question Solving the shared hosting TLS mail problem with NGINX mail proxy

Niek_Beernink

Plesk Certified Professional
Mail clients have been looking for a valid TLS certificate by default for a while now; however, an SMTP mail server such as postfix only supports one single certificate per server and doesn't know SNI like dovecot does. So we're dependent on the upstream software suppliers for SNI support. This creates a problem for customers looking to use smtp.example.org as their mail hosts on shared hosting servers and requires us to instruct the customer to:

  1. Disable TLS if client insists on using smtp.example.org (bad)
  2. Change the smtp hostname to the server hostname (okay but requires a client change if the subscription is ever moved to another server)

I was wondering if anyone ever tried using NGINX as a mail proxy for shared hosting domains on plesk.

What would be needed for this?
  • A recompile of NGINX to add mail support. (nginx -V does not currently show mail support)
  • Some way to instruct plesk to add a config in nginx to route mail from the nginx mail proxy, remove the SSL and continue on to the local mail server.
  • An HTTP authentication server or script that can talk to dovecot & postfix.
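
The third item in the list above, sketched as an added example (not code from this thread or from Plesk): an endpoint for the NGINX mail module's `auth_http` directive that reads the `Auth-*` request headers and answers with `Auth-Status`, `Auth-Server` and `Auth-Port`. The backend addresses and ports, the attempt limit, the listen port 8008 and the idea of verifying credentials with an IMAP login against the local dovecot are all assumptions.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import unquote
import imaplib

# Assumed plaintext listeners behind the TLS-terminating proxy (not from the thread).
# Auth-Server must be an IP address; NGINX does not resolve hostnames here.
BACKENDS = {"smtp": ("127.0.0.1", 25), "imap": ("127.0.0.1", 143), "pop3": ("127.0.0.1", 110)}
MAX_ATTEMPTS = 3  # assumed policy: stop offering retries after this many failures


def dovecot_verify(user, password):
    """Assumed credential check: try an IMAP LOGIN against the local dovecot."""
    try:
        with imaplib.IMAP4(*BACKENDS["imap"]) as conn:
            conn.login(user, password)
        return True
    except (OSError, imaplib.IMAP4.error):
        return False


def auth_response(headers, verify=dovecot_verify):
    """Turn NGINX's Auth-* request headers into the response headers it expects."""
    h = {k.lower(): v for k, v in headers.items()}
    proto = h.get("auth-protocol", "").lower()
    # NGINX percent-encodes the login and password before sending them.
    user, password = (unquote(h.get(k, "")) for k in ("auth-user", "auth-pass"))
    raw = h.get("auth-login-attempt", "1")
    attempt = int(raw) if raw.isdigit() else MAX_ATTEMPTS
    # Only accept password logins for known protocols; "none" (unauthenticated
    # SMTP) is refused so the proxy cannot be used as an open relay.
    if (proto in BACKENDS and h.get("auth-method", "").lower() == "plain"
            and user and password and verify(user, password)):
        host, port = BACKENDS[proto]
        return {"Auth-Status": "OK", "Auth-Server": host, "Auth-Port": str(port)}
    resp = {"Auth-Status": "Invalid login or password"}
    if proto == "smtp":
        resp["Auth-Error-Code"] = "535 5.7.8"  # SMTP reply code NGINX sends to the client
    if attempt < MAX_ATTEMPTS:
        resp["Auth-Wait"] = "3"  # seconds before a retry; without it NGINX closes the session
    return resp


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)  # the verdict is carried in headers, the status stays 200
        for name, value in auth_response(dict(self.headers.items())).items():
            self.send_header(name, value)
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8008), Handler).serve_forever()
```

Binding to 127.0.0.1 matters: the request carries the cleartext password in `Auth-Pass`, so the endpoint should only be reachable from the proxy itself.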
 
Thanks Brujo, my experience with that is that it'll take a long while before it will be implemented. I also think that the tools are pretty much present already so it might not be such a hard thing to do. I'll try and see if I can get it to work somehow as soon as I find some spare time. :)
 
my experience with that is that it'll take a long while before it will be implemented.
On the one hand, of course you are right, but anyway it would be a chance to get it implemented someday as standard for the community, and it is worth doing.
 