Back to Community Threads
IMAP/POP/SMTP Proxy
Question asked by Tan - 9/27/2025 at 11:02 PM
Answered
T
Hi All,
Recently some of our cilent are having network connectivity issues due to remote ISP and I am thinking of deploying proxy server within the country and proxy it out.

Any supported proxy method like using Nginx?

Thanks!
Andrew Barker Replied
9/29/2025 at 7:11 AM
Employee Post Marked As Answer
The latest SmarterMail does support designating authorized proxies. All you need to do is create an entry in the whitelist with the TCP Proxy toggle enabled. This option uses version 1 of the proxy protocol that was first specified by HA Proxy; I believe that Nginx also supports this proxy protocol.

Keep in mind that adding an allowed proxy means that all TCP connections must go through a proxy, due to the way the proxy protocol works.
Andrew Barker Software Developer SmarterTools Inc. www.smartertools.com
T
Tan Replied
9/30/2025 at 4:40 AM
I cant seems to find in the documentation area. Can let me know the link.

Thanks
Andrew Barker Replied
9/30/2025 at 7:39 AM
Employee Post
Information about the TCP Proxy setting is available in our online help documentation, under Help for SystemAdministrators > Settings > Blacklist / Whitelist. Here's a link to the appropriate page:
Andrew Barker Software Developer SmarterTools Inc. www.smartertools.com
D
Douglas Foster Replied
9/30/2025 at 9:49 AM
This is problematic.    My internal users are not routed through a WAF/proxy, but external users will be.   If an external user causes a login failure, it is important that the external user's address get blocked, not the proxy address.

I should not have to route my internal users through the proxy to be protected myself from external users.   External users need different controls than internal users, and proxy SHOULD be a way to get that accomplished.
C
CLEBER SAAD Replied
9/30/2025 at 11:06 AM
@Douglas, it's possible to do this. You need the postix + dovecot + fail2ban. Postfix to receive the connection, authenticate using saslauthd (with rimap) in local dovecot and that make a imap proxy to SM. And put fail2ban looking the postfix and dovecot logs to made the block's in the local firewall. In the SM only put the server Ip address in whitelist to prevent blocks and receive the message in SMTP withou authentication.
D
Douglas Foster Replied
9/30/2025 at 1:58 PM
@Cleber
Nice to know, but a complicated solution to a simple design mistake.   I have looked at Postfix documentation.   Impressive product, but intimidating to learn, especially for a guy who has never use much Linux.   We will see what ST development is willing to do.
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Automatic SSL Certificates on a New SmarterMail ServerSmarterMail > Server Configuration and Management
SmarterMail for Linux – SSL/TLS & Certificate ReferenceSmarterMail > Server Configuration and Management
Manually Securing SmarterMail Using Let's Encrypt and Certify the WebSmarterMail > Installation and Configuration
Integrating Google Apps with SmarterMailSmarterMail > Domain/User Configuration and Management
Setting Up Two-Step Authentication (2FA, MFA, etc.)SmarterMail > Desktop and Mobile Synchronization