I setup an Nginx proxy server to provide SMTP/POP/IMAP authentication to upsteam servers either on Smartermail or cPanel. I am able to get SMTP/POP working on both Smartermail and cPanel, however, I aways get "unable to log in at server, Probably wrong configuration, username and password" when testing IMAP with or without SSL in Thurderbird. At soon as I switch upstream server to cPanel, the same IMAP config works just fine.
Thank you for any input.
Smartermail IMAP log shows I was logged in:
[2024.01.08] 17:08:32.415 [my_server_ip][60180361] response: * OK IMAP4rev1 SmarterMail
[2024.01.08] 17:08:32.415 [my_server_ip][60180361] connected at 1/8/2024 5:08:32 PM
[2024.01.08] 17:08:32.415 [my_server_ip][60180361] command: 37 LOGIN XXXX
[2024.01.08] 17:08:32.415 [my_server_ip][60180361] response: + Ready
[2024.01.08] 17:08:32.415 [my_server_ip][60180361] response: + Ready
[2024.01.08] 17:08:32.415 [my_server_ip][60180361] response: 37 OK LOGIN completed
[2024.01.08] 17:08:32.415 [my_server_ip][60180361] user@mydomain.com logged in
[2024.01.08] 17:08:32.415 [my_server_ip][60180361] disconnected at 1/8/2024 5:08:32 PM
Nginx log (no errors):
127.0.0.1 - - [08/Jan/2024:16:30:58 -0800] "GET /nginxmailauth.php HTTP/1.0" 200 0 "-" "mail.myserverdomain.com Secure IMAP 993 proxy"
127.0.0.1 - - [08/Jan/2024:16:30:58 -0800] "GET /nginxmailauth.php HTTP/1.0" 200 0 "-" "mail.myserverdomain.com Secure IMAP 993 proxy"
127.0.0.1 - - [08/Jan/2024:17:08:22 -0800] "GET /nginxmailauth.php HTTP/1.0" 200 0 "-" "mail.myserverdomain.com Secure IMAP 143 proxy"
127.0.0.1 - - [08/Jan/2024:17:08:22 -0800] "GET /nginxmailauth.php HTTP/1.0" 200 0 "-" "mail.myserverdomain.com Secure IMAP 143 proxy"
Thunderbird IMAP test screenshot:
My Nginx Mail config block:
mail {
server_name mail.myserverdomain.com;
auth_http http://localhost:8080/nginxmailauth.php;
proxy_pass_error_message on;
imap_capabilities "IMAP4rev1" "UIDPLUS" "IDLE" "LITERAL +" "QUOTA";
#imap_capabilities "IMAP4rev1" "AUTH=CRAM-MD5" "AUTH=NTLM" "AUTH=PLAIN" "UIDPLUS" "IDLE" "LITERAL +" "QUOTA" "SASL-IR" "MOVE" "XLIST" "CHILDREN" "ENABLE" "CONDSTORE" "X-SM-TAGS";
pop3_capabilities "LAST" "TOP" "USER" "PIPELINING" "UIDL";
smtp_capabilities "SIZE 10485760" "ENHANCEDSTATUSCODES" "8BITMIME" "DSN";
imap_auth plain login cram-md5;
pop3_auth plain apop cram-md5;
smtp_auth login plain cram-md5;
#imap_client_buffer 8k;
xclient off;
# The SSL part can be put in a separate configuration file,
# e.g., in the case of an SSL offloader / caching proxy.
# In that case, only the ssl_certificate* needs to be set here (or in server block.)
# The config assumes certificates in /etc/nginx/ssl/ and
# private keys in /etc/nginx/ssl/private/
# ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
## default SSL cert. Each host should have its own.
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
# SMTP settings
server {
protocol smtp;
listen my_server_ip:25;
proxy on;
proxy_smtp_auth on; # <- enable native SMTP AUTH, newer nginx ver support this
starttls on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 25;
auth_http_header User-Agent "mail.myserverdomain.com SMTP 25 proxy";
}
server {
protocol smtp;
listen my_server_ip:587;
proxy on;
proxy_smtp_auth on; # <- enable native SMTP AUTH, newer nginx ver support this
starttls on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 587;
auth_http_header User-Agent "mail.myserverdomain.com SMTP 587 proxy";
}
server {
protocol smtp;
listen my_server_ip:465 ssl;
proxy on;
proxy_smtp_auth on; # <- enable native SMTP AUTH, newer nginx ver support this
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 465;
auth_http_header User-Agent "mail.myserverdomain.com Secure SMTP 465 proxy";
}
## IMAP Settings
server {
protocol imap;
listen my_server_ip:143;
proxy on;
starttls on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 143;
auth_http_header User-Agent "mail.myserverdomain.com Secure IMAP 143 proxy";
}
server {
protocol imap;
listen my_server_ip:993 ssl;
proxy on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 993;
auth_http_header User-Agent "mail.myserverdomain.com Secure IMAP 993 proxy";
}
## POP Settings
server {
protocol pop3;
listen my_server_ip:110;
proxy on;
starttls on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 110;
auth_http_header User-Agent "mail.myserverdomain.com Secure POP 110 proxy";
}
server {
protocol pop3;
listen my_server_ip:995 ssl;
proxy on;
ssl_certificate /etc/letsencrypt/live/mail.myserverdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.myserverdomain.com/privkey.pem;
auth_http_header X-Auth-Port 995;
auth_http_header User-Agent "mail.myserverdomain.com Secure POP 995 proxy";
}
}