NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License
22.36k stars 2.59k forks

Proxy mail server #1110

Open kennylajara opened 3 years ago

kennylajara commented 3 years ago

Is your feature request related to a problem? Please describe.

I am trying to proxy a mailserver but the task seems to be impossible at the moment with NPM, while this is possible to do with Nginx.

Describe the solution you'd like

I'd like the option to stream proxy mail servers as described here: https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/ I tried to stream the ports but the protocols IMAP, SMTP and POP3 are not supported by NPM.

Describe alternatives you've considered

The only alternative that I can think of is to manually configure the mailserver with the "Custom Nginx configuration" option, but the reason why I am using NPM is because I don't know how to deal with Nginx directly.

jc21 commented 3 years ago

While the version of Nginx (OpenResty) is built with mail extensions, this project doesn't really support this type of configuration as the nginx document describes. Certainly something that could be added in future, though I'd like to see more demand for it.

If anyone else is wanting this feature please add a thumbs up to @kennylajara's issue above.

kennylajara commented 3 years ago

Ok... so, meanwhile I am trying some workaround and need to mount my mailserver's .well-known directory with the proxy's .well-known directory, but it looks like the NPM's .well-known directory is not being used. The .well-known directory that I found with some files is in the docker's overlay2 directory...

So... can you help me on that?

dszymczuk commented 2 years ago

I'm bumping this issue. Is it possible to mount the .well-known folder into nginx-proxy-manager? I would like to use poste.io as my mail server, but to enable a TLS certificate with Let's Encrypt I need to mount the .well-known folder from poste.io. I don't know how to use the /data/letsencrypt-acme-challenge folder correctly.

chaptergy commented 2 years ago

As a workaround: you could mount a file with an nginx mail block into /data/nginx/custom/root.conf. (See custom mountpoints)

iamk3 commented 2 years ago

I am interested in this functionality as well!

@chaptergy would you provide an example or link to an example of how to add the mail block? I understand the location based on your previous link. There currently isn't a dir located at /data/nginx/custom/ to contain any conf files.

chaptergy commented 2 years ago

Well, you'll need to mount it into the docker container. So you would have to create a file on the host where docker is running, e.g. nginx-mail.conf with your desired nginx config. It could look something like this: Example by @aitkar

```nginx
mail {
    server_name mail.example.com;
    # HTTP endpoint nginx queries to authenticate each login and choose the backend
    auth_http   localhost:9000/cgi-bin/nginxauth.cgi;

    proxy_pass_error_message on;

    # TLS for every listener in this block (older directive; newer nginx
    # releases use the `ssl` parameter of `listen` instead)
    ssl                 on;
    ssl_certificate     /etc/ssl/certs/server.crt;
    ssl_certificate_key /etc/ssl/certs/server.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996)
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    server {
        listen     25;
        protocol   smtp;
        smtp_auth  login plain cram-md5;
    }

    server {
        listen    110;
        protocol  pop3;
        pop3_auth plain apop cram-md5;
    }

    server {
        listen   143;
        protocol imap;
    }
}
```

Note about certificates:

> Note: Certificate files are usually located at the following locations.
> ```nginx
> ssl_certificate /etc/letsencrypt/live/npm-/fullchain.pem;
> ssl_certificate_key /etc/letsencrypt/live/npm-/privkey.pem;
> ```
> The `` can be found in the list of ssl certificates. In this case the `` would be `3`.
> ![image](https://user-images.githubusercontent.com/26956711/147511616-13652519-78bb-4a40-8d4d-026fe09f62f0.png)

Then you have to edit your docker compose file to mount this file into the specific location inside the container and expose your ports:

```yaml
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    [...]
    ports:
      # Expose the ports you need for your mail
      - '25:25'
      - '110:110'
      - '143:143'
      - [...]
    volumes:
      - /path/to/nginx-mail.conf:/data/nginx/custom/root.conf  # Add this line
      - [...]
```
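
The `auth_http` URL in the mail block above has to point at a running service: nginx sends every login to it as `Auth-*` request headers and only proxies the session when the reply carries `Auth-Status: OK` with a backend IP and port. The following is an added example, not code from this thread or from the NPM project; the account, backend addresses and retry limit are constructed placeholders, and it accepts only the `plain` method, so `cram-md5` and `apop` logins are refused.

```python
"""auth_http backend sketch for the nginx mail{} proxy (added example)."""
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import unquote

# Constructed placeholders: one account, and backends given as IP addresses
# (nginx does not resolve host names returned in Auth-Server).
USERS = {"admin@example.com": "correct horse battery staple"}
BACKENDS = {"smtp": ("192.0.2.10", 25), "imap": ("192.0.2.10", 143),
            "pop3": ("192.0.2.10", 110)}
MAX_ATTEMPTS = 3  # assumption: after this many failures nginx should hang up


def auth_response(req):
    """Turn nginx's Auth-* request headers into the Auth-* reply headers."""
    proto = req.get("Auth-Protocol", "")
    # Only clear-text user/password is handled; cram-md5 and apop are refused.
    if req.get("Auth-Method") != "plain" or proto not in BACKENDS:
        return {"Auth-Status": "Unsupported authentication"}
    user = unquote(req.get("Auth-User", ""))      # nginx percent-encodes these
    password = unquote(req.get("Auth-Pass", ""))
    raw = req.get("Auth-Login-Attempt", "1")
    attempt = int(raw) if raw.isdigit() else MAX_ATTEMPTS
    expected = USERS.get(user, "")
    # Constant-time comparison; an unknown user never matches an empty password.
    ok = bool(expected) and hmac.compare_digest(expected.encode(), password.encode())
    if not ok:
        reply = {"Auth-Status": "Invalid login or password"}
        if attempt < MAX_ATTEMPTS:
            reply["Auth-Wait"] = "3"  # seconds before the client may retry
        return reply                  # no Auth-Wait: nginx closes the connection
    host, port = BACKENDS[proto]
    return {"Auth-Status": "OK", "Auth-Server": host, "Auth-Port": str(port)}


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)  # failures are also reported with HTTP 200
        for name, value in auth_response(self.headers).items():
            self.send_header(name, value)
        self.end_headers()


if __name__ == "__main__":
    # Loopback only, matching `auth_http localhost:9000/...`; assumes this runs
    # in the same network namespace as nginx (inside the NPM container).
    HTTPServer(("127.0.0.1", 9000), Handler).serve_forever()
```
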

sanderlv commented 1 year ago

Is there any progress on this implementation or feature request? Would love to see this natively in NPM. Having my mail services behind NPM with an ssl cert. (The described docker tip is too complex for me to understand).

vadikonline1 commented 1 year ago

Create with portainer:

  • Image: docker.io/mailserver/docker-mailserver:edge
  • Ports: 25:25, 143:143, 465:465, 587:587, 993:993
  • Volume: container: /etc/letsencrypt -> volume: (indicate the volume from npm where the certificates are included)
  • Network: hostname: mail, DomainName: example.com
  • Environment variables:

```
ENABLE_FAIL2BAN=1
SSL_TYPE=manual
PERMIT_DOCKER=network
ONE_DIR=1
ENABLE_POSTGREY=0
ENABLE_CLAMAV=0
ENABLE_SPAMASSASSIN=0
SPOOF_PROTECTION=0
FETCHMAIL_POLL=300
POSTGREY_AUTO_WHITELIST_CLIENTS=5
POSTGREY_DELAY=300
POSTGREY_MAX_AGE=35
POSTGREY_TEXT=Delayed by Postgrey
SASLAUTHD_MECH_OPTIONS=
SSL_CERT_PATH=/etc/letsencrypt/live/npm-X/fullchain.pem
SSL_KEY_PATH=/etc/letsencrypt/live/npm-X/privkey.pem
TLS_LEVEL=modern
```

  • Container capabilities: NET_ADMIN, SYS_PTRACE

After starting the container, apply the following commands in the console:

  1. `setup email add admin@example.com password` (from adding accounts)
  2. `setup config dkim`

pacomarcilla commented 1 year ago

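I don't know if I arrive late to the party but here are my 2 cents. I do have NPM working for ports 25, 587 and 993 as streams for my mail server.

All I've done is:

  • Modify the docker-compose file to expose ports 25, 587 and 993.
  • Recreate the container with the new docker-compose file.
  • Redirect traffic from pfsense firewall through the NPM.
  • Create a stream for each port pointing to the backend server.

All seems to work perfectly fine from the outside.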

I do have some other streams for other services working but seems like mail ports are more sensible.

Hope it helps!

quillfires commented 10 months ago

> I don't know if I arrive late to the party but here are my 2 cents. I do have NPM working for ports 25, 587 and 993 as streams for my mail server.
>
> All I've done is:
>
>   • Modify the docker-compose file to expose ports 25, 587 and 993.
>   • Recreate the container with the new docker-compose file.
>   • Redirect traffic from pfsense firewall through the NPM.
>   • Create a stream for each port pointing to the backend server.
>
> All seems to work perfectly fine from the outside.
>
> I do have some other streams for other services working but seems like mail ports are more sensible.
>
> Hope it helps!

How did you do this?

Smallinger commented 9 months ago

Are there any updates for this?

Baltimorepc commented 7 months ago

I would love to get this working for me as I use my Asustor NAS and it has trouble getting certs. I would love to run my mail server through my NPM but I have not been able to get it to work.

manalishi70 commented 4 months ago

> I don't know if I arrive late to the party but here are my 2 cents. I do have NPM working for ports 25, 587 and 993 as streams for my mail server.
>
> All I've done is:
>
>   • Modify the docker-compose file to expose ports 25, 587 and 993.
>   • Recreate the container with the new docker-compose file.
>   • Redirect traffic from pfsense firewall through the NPM.
>   • Create a stream for each port pointing to the backend server.
>
> All seems to work perfectly fine from the outside.
>
> I do have some other streams for other services working but seems like mail ports are more sensible.
>
> Hope it helps!

I tried this by creating a proxy host my.domain.com:993 pointing to port 147 on the mailserver. Did you do it this way? It doesn't work for me.

Baltimorepc commented 4 months ago

Thank you, I will give this a try. Hopefully it will work, as my mail server is showing as not trusted even though it is, and my Nextcloud or other services won't send emails because of it.