root/srvrevproxy02_nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add SMTP stream proxy configuration for ports 587/465 with Let's Encrypt TLS

Browse Source
This commit is contained in:
root
2026-01-23 11:05:49 +01:00
parent ef16045880
commit a8c0574ed6
1 changed files with 58 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
nginx.conf
View File

@@ -1,3 +1,4 @@
load_module /usr/lib/nginx/modules/ngx_stream_module.so;
user www-data; user www-data;
worker_processes auto; worker_processes auto;
pid /run/nginx.pid; pid /run/nginx.pid;
@@ -103,3 +104,60 @@ events {
# proxy on; # proxy on;
# } # }
#} #}
# Stream block for SMTP proxy with Let's Encrypt TLS termination
stream {
# Logging
log_format smtp_proxy '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time';
# Upstream mail server
upstream mail_submission {
server 10.0.0.21:587;
}
upstream mail_smtps {
server 10.0.0.21:465;
}
# SMTP Submission port (STARTTLS) - port 587
server {
listen 10.0.0.29:587 ssl;
proxy_pass mail_submission;
proxy_connect_timeout 10s;
# Let's Encrypt SSL certificate
ssl_certificate /etc/letsencrypt/live/owa.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/owa.egonetix.de/privkey.pem;
# SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SMTP:10m;
ssl_session_timeout 10m;
access_log /var/log/nginx/mail-submission-access.log smtp_proxy;
error_log /var/log/nginx/mail-submission-error.log;
}
# SMTPS port (implicit TLS) - port 465
server {
listen 10.0.0.29:465 ssl;
proxy_pass mail_smtps;
proxy_connect_timeout 10s;
# Let's Encrypt SSL certificate
ssl_certificate /etc/letsencrypt/live/owa.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/owa.egonetix.de/privkey.pem;
# SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SMTPS:10m;
ssl_session_timeout 10m;
access_log /var/log/nginx/mail-smtps-access.log smtp_proxy;
error_log /var/log/nginx/mail-smtps-error.log;
}
}