Docker Mailcow: Nginx as Mail reverse proxy to docker container images using SMTP, POP3 and IMAP

Question

On my server I am running a mailcow:dockerized solution on a debian server and I want to use the nginx not only as an http reverse proxy but also as an SMTP imap and pop3 too as seen in https://www.nginx.com/resources/admin-guide/mail-proxy/

But the further I read in the link the difficult it becomes to figure out how this will be done. In http it is obvious how this will be done:

 server {
   listen 80;
   server_name mail.example.tk;

   location /.well-known {
        proxy_pass http://127.0.0.1:8080/.well-known ;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 100m;

   }

   location / {
        rewrite ^(.*) https://$server_name$1 permanent;
   }

}

server {
 listen 443 ssl;
 server_name mail.example.tk;

 ssl_certificate     /opt/docker-mailcow/data/assets/ssl/cert.pem;
 ssl_certificate_key /opt/docker-mailcow/data/assets/ssl/key.pem;
 ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers         HIGH:!aNULL:!MD5;


 location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 100m;
 }

}

But using smtp, pop3 and imap how will this be done? Please keep in ming that the docker images run on the same server with nginx and these are:

827c20cee898        mailcow/dovecot:1.0     "/docker-entrypoin..."   50 minutes ago      Up 50 minutes             24/tcp, 10001/tcp, 0.0.0.0:2110->110/tcp, 0.
76a977a8064e        mailcow/postfix:1.0     "/bin/sh -c 'exec ..."   50 minutes ago      Up 50 minutes             588/tcp, 0.0.0.0:2525->25/tcp, 0.0.0.0:2465-

Any ideas?

Answer 1

Based on comments, it sounds like the question is around the HTTP authentication server for the mail proxy. The bit of of the guide talks about this:

Each POP3/IMAP/SMTP request from the client will be first authenticated on an external HTTP authentication server or by an authentication script. Having an authentication server is obligatory for NGINX mail server proxy. The server can be created by yourself in accordance with the NGINX authentication protocol which is based on the HTTP protocol.

It links to http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol which goes further into what the request and response should look like. It gives this as a request example:

GET /auth HTTP/1.0
Host: localhost
Auth-Method: plain # plain/apop/cram-md5/external
Auth-User: user
Auth-Pass: password
Auth-Protocol: imap # imap/pop3/smtp
Auth-Login-Attempt: 1
Client-IP: 192.0.2.42
Client-Host: client.example.org

This is what your auth_http server will receive. Then, your auth_http server will need to respond with something like:

HTTP/1.0 200 OK
Auth-Status: OK
Auth-Server: 198.51.100.1
Auth-Port: 143

The response from your server contains the server IP and port that the request will be proxied to.

Unfortunately, they don't give any example HTTP server or code to run. However, I found another article that gives a PHP server script as an example at https://www.nginx.com/resources/wiki/start/topics/examples/imapauthenticatewithapachephpscript/.