IMAP/POP/SMTP Proxy
Question asked by Tan - 9/27/2025 at 11:02 PM
Answered
Hi All,
Recently some of our cilent are having network connectivity issues due to remote ISP and I am thinking of deploying proxy server within the country and proxy it out.

Any supported proxy method like using Nginx?

Thanks!
Andrew Barker Replied
Employee Post Marked As Answer
The latest SmarterMail does support designating authorized proxies. All you need to do is create an entry in the whitelist with the TCP Proxy toggle enabled. This option uses version 1 of the proxy protocol that was first specified by HA Proxy; I believe that Nginx also supports this proxy protocol.

Keep in mind that adding an allowed proxy means that all TCP connections must go through a proxy, due to the way the proxy protocol works.
Andrew Barker Software Developer SmarterTools Inc. www.smartertools.com
Tan Replied
I cant seems to find in the documentation area. Can let me know the link.

Thanks
Andrew Barker Replied
Employee Post
Information about the TCP Proxy setting is available in our online help documentation, under Help for SystemAdministrators > Settings > Blacklist / Whitelist. Here's a link to the appropriate page:

Andrew Barker Software Developer SmarterTools Inc. www.smartertools.com
Douglas Foster Replied
This is problematic.    My internal users are not routed through a WAF/proxy, but external users will be.   If an external user causes a login failure, it is important that the external user's address get blocked, not the proxy address.

I should not have to route my internal users through the proxy to be protected myself from external users.   External users need different controls than internal users, and proxy SHOULD be a way to get that accomplished.
CLEBER SAAD Replied
@Douglas, it's possible to do this. You need the postix + dovecot + fail2ban. Postfix to receive the connection, authenticate using saslauthd (with rimap) in local dovecot and that make a imap proxy to SM. And put fail2ban looking the postfix and dovecot logs to made the block's in the local firewall. In the SM only put the server Ip address in whitelist to prevent blocks and receive the message in SMTP withou authentication.
Douglas Foster Replied
@Cleber
Nice to know, but a complicated solution to a simple design mistake.   I have looked at Postfix documentation.   Impressive product, but intimidating to learn, especially for a guy who has never use much Linux.   We will see what ST development is willing to do.

Reply to Thread

Enter the verification text