Aug 312012
 

It’s been a long times since i wrote my last article, i’ve been bussy with real life things.
As usual, I’ll get right to the subject of how to configure nginx as POP3/IMAP proxy server.

Nginx IP                 = 192.168.1.1
Postfix User Database IP = 192.168.1.5 (postfix + courier server + apache backend)

nginx server configuration

mail {
    server_name mail-proxy.example.com;
    # apache external backend
    auth_http  192.168.1.5:8081/auth.php;
    proxy  on;
    proxy_pass_error_message on;

    imap_capabilities "IMAP4rev1" "UIDPLUS" "IDLE" "LITERAL +" "QUOTA";

    pop3_auth plain apop cram-md5;
    pop3_capabilities "LAST" "TOP" "USER" "PIPELINING" "UIDL";

    ssl_certificate /etc/nginx/ssl_keys/db.mail-proxy.crt;
    ssl_certificate_key /etc/nginx/ssl_keys/db.mail-proxy.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;

    server {
      listen      143;
      protocol    imap;
      starttls    on;
      auth_http_header X-Auth-Port 143;
      auth_http_header User-Agent "Nginx POP3/IMAP4 proxy";
    }

    server {
      protocol    pop3;
      listen      110;
      starttls    on;
      pop3_auth   plain;
      auth_http_header X-Auth-Port 110;
      auth_http_header User-Agent "Nginx POP3/IMAP4 proxy";
    }

    server {
      listen      993;
      ssl         on;
      protocol    imap;
      auth_http_header X-Auth-Port 993;
      auth_http_header User-Agent "Nginx POP3/IMAP4 proxy";
    }

    server {
      protocol    pop3;
      listen      995;
      ssl         on;
      pop3_auth   plain;
      auth_http_header X-Auth-Port 995;
      auth_http_header User-Agent "Nginx POP3/IMAP4 proxy";
    }
}

Continue reading »

Dec 042009
 

I own this beautiful K800i phonecell about 3 years more or less. The great things is K800i’s email client support for smtp authentication, imap, pop3, ssl, tls, port customization. I will show you how to plant my self signed smtp server certificate into K800i

First of all we need to copy the certificate to have a .cer extension. The phone uses this as the clue that the file is a certificate and will ask if it is to be installed.

Self signed cert for ougoing SMTP

# cd /etc/postfix
# cp cacert.pem smtp.cer
# more smtp.pem   
-----BEGIN CERTIFICATE-----
MIIDvzCCAyigAwIBAgIJAK6WD/vgjFZcMA0GCSqGSIb3DQEBBAUAMIGcMQswCQYD
VQQGEwJJRDEUMBIGA1UECBMLREtJIEpha2FydGExEDAOBgNVBAcTB0pha2FydGEx
---- snip ----
---- snip ----
---- snip ----
jUSsVnNPHYewsKdKRfzoivMqQgI+IIzw5NXiE78lpmAsZOdMfkR4U+dpTr87mCmE
wcBi07++mqLhDvYvcGw4ol1Yp7sX4NgMbTrZ6APpaI8l4Rx4jb2p7UXU0YGx7aPV
idZr
-----END CERTIFICATE-----

Continue reading »