• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Question Solving the shared hosting TLS mail problem with NGINX mail proxy

Niek_Beernink

Niek_Beernink

Plesk Certified Professional
Plesk Certified Professional
Mail clients have been looking for a valid TLS certificate by default for a while now, however an smtp mail server such as postfix only supports one single certificate per server and doesn't know SNI like dovecot does. So we're dependant on the upstream software suppliers for SNI support. This creates a problem for customers looking to use smtp.example.org as their mail hosts on shared hosting servers and requires us to instruct the customer to:

  1. Disable TLS if client insists of using smtp.example.org (bad)
  2. Change the smtp hostname to the server hostname (okay but requires a client change if the subscription is ever moved to another server)

I was wondering if anyone ever tried using NGINX as a mail proxy for shared hosting domains on plesk.

What would be needed for this?
  • A recompile of NGINX to add mail support. (nginx -V does not currently show mail support)
  • Some way to instruct plesk to add a config in nginx to route mail from the nginx mail proxy, remove the SSL and continue onto to the local mail server.
  • A HTTP authentication server or script that can talk to dovecot & postfix.
 
Thanks Brujo, my experience with that is that it'll take a long while before it will be implemented. I also think that the tools are pretty much present already so it might not be such a hard thing to do. I'll try and see if I can get it to work somehow as soon as I find some spare time. :)
 
Niek_Beernink said:
my experience with that is that it'll take a long while before it will be implemented.
Click to expand...
on one hand of course you are right, but anyway it would be a chance to get it someday implemented as standard for the comunity and it worth to do it.
 
You must log in or register to reply here.

Similar threads

P
Resolved PLESK 18.0.60 Problems to configure mails / Certificates, etc.
Replies
8
Views
2K
mow
M
Polli
Issue Getting DANE working
2
Replies
33
Views
3K
Polli
Polli
B
Question Reverse Proxy Setup: VPS + Mikrotik DDNS – Feeling Lost
Replies
1
Views
1K
iberium456
I
flederwiesel
Question `SSLVerifyClient require` -> AH10158: cannot perform post-handshake authentication
Replies
0
Views
607
flederwiesel
flederwiesel
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
413
W4ru
W
Back
Top