Question Solving the shared hosting TLS mail problem with NGINX mail proxy

[Niek_Beernink]

Mail clients have been looking for a valid TLS certificate by default for a while now, however an smtp mail server such as postfix only supports one single certificate per server and doesn't know SNI like dovecot does. So we're dependant on the upstream software suppliers for SNI support. This creates a problem for customers looking to use smtp.example.org as their mail hosts on shared hosting servers and requires us to instruct the customer to:

1. Disable TLS if client insists of using smtp.example.org (bad)
2. Change the smtp hostname to the server hostname (okay but requires a client change if the subscription is ever moved to another server)

I was wondering if anyone ever tried using NGINX as a mail proxy for shared hosting domains on plesk.

What would be needed for this?

• A recompile of NGINX to add mail support. (nginx -V does not currently show mail support)
• Some way to instruct plesk to add a config in nginx to route mail from the nginx mail proxy, remove the SSL and continue onto to the local mail server.
• A HTTP authentication server or script that can talk to dovecot & postfix.

 

[Brujo]

perhaps you take into consider to suggest your idea at the plesk uservoice Feature Suggestions: Top (1481 ideas) – Your Ideas for Plesk

 

[Niek_Beernink]

Thanks Brujo, my experience with that is that it'll take a long while before it will be implemented. I also think that the tools are pretty much present already so it might not be such a hard thing to do. I'll try and see if I can get it to work somehow as soon as I find some spare time.

 

[MarkM]

I'm actually intrigued by this idea. I'll give it a go.

 

[Brujo]

my experience with that is that it'll take a long while before it will be implemented.

on one hand of course you are right, but anyway it would be a chance to get it someday implemented as standard for the comunity and it worth to do it.