1 Topic by heeter

  • heeter
  • Member
  • Offline
  • Registered: 2016-11-22
  • Posts: 74

Topic: Ports 993, 587, 25 behind proxy question?

Hi all,

Currently have my IredMail server ports 993, 587 and 25 directly behind my router.

I do have the IredMail ports 80/443 behind a Ubuntu22LTS nginx proxy server that also serves Letsencrypt certs.

Would it be recommended to move 993, 587, and 25 behind same proxy? If so, Would someone have a sample proxy nginx config file that I can use to create mine?

Regards

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by Cthulhu (edited by Cthulhu 2024-05-21 07:05:40)

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 885

Re: Ports 993, 587, 25 behind proxy question?

nginx doesn't handle mailserver ports, so why should you even consider this?

aswell you mentioned router, so i guess you have a normal internet connection and try to run a mailserver behind this, this won't work since you cant set your PTR, its dynamic, and will cause a lot  of problems with mail delivarability

3 Reply by heeter

  • heeter
  • Member
  • Offline
  • Registered: 2016-11-22
  • Posts: 74

Re: Ports 993, 587, 25 behind proxy question?

Cthulhu wrote:

nginx doesn't handle mailserver ports, so why should you even consider this?

aswell you mentioned router, so i guess you have a normal internet connection and try to run a mailserver behind this, this won't work since you cant set your PTR, its dynamic, and will cause a lot  of problems with mail delivarability

Hi Cthulhu

Thank you for pointing this out, I reread my post, I should clarify my intended question: Would it be more secure to have these ports open behind a router than to have them redirected through a proxy? Would it make a difference?

As for a "normal internet" connection, I guess that I do have one, yes it's dynamic, and I have been using IredMail as my main mailserver since 2016. Use to use HMailserver prior to Iredmail (never like the fact that I had to use Windows with Hmail). Green checkmarks are still showing up at mxtoolbox site on DNS reverse lookup. Can be done.

4 Reply by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 110

Re: Ports 993, 587, 25 behind proxy question?

Cthulhu wrote:

nginx doesn't handle mailserver ports, so why should you even consider this?

aswell you mentioned router, so i guess you have a normal internet connection and try to run a mailserver behind this, this won't work since you cant set your PTR, its dynamic, and will cause a lot  of problems with mail delivarability

That is not entirely true. Nginx Reverse Proxy can be configured to Proxy SMTP & IMAP, problem with doing this is that the IPs from Receiving SMTP will not get pass through without adding a parameter to main.cf.

SPAM filtering will not work properly due to IP addresses not being pass through properly so would also require some tweaking.

Regards

5 Reply by jackb (edited by jackb 2024-05-24 23:36:14)

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 110

Re: Ports 993, 587, 25 behind proxy question?

heeter wrote:

Hi all,

Currently have my IredMail server ports 993, 587 and 25 directly behind my router.

I do have the IredMail ports 80/443 behind a Ubuntu22LTS nginx proxy server that also serves Letsencrypt certs.

Would it be recommended to move 993, 587, and 25 behind same proxy? If so, Would someone have a sample proxy nginx config file that I can use to create mine?

Regards

This is okay to do. Port Forward 80/443 for Nginx Reverse.

Port Forward 25. 587 and 993. I would not bother with Proxying SMTP & IMAP. You wouldn’t really gain much from this.

If you have one Static Public IP then I would suggest creating a separate VM for Nginx and configure it as a Reverse Proxy should not really run a Reverse Proxy on the same server it defeats the object.

Don’t neglect PTR (Pointer Record) for rDNS. This needs to be set by the ISP.

You also mentioned that your IP is Dynamic. I would not bother hosting a mail server with a Dynamic IP. Sending mail would require a PTR Record, sending mail would just get bounced back. I mean you could use DDNS & a SMTP relay service but no point.

Regards

6 Reply by heeter

  • heeter
  • Member
  • Offline
  • Registered: 2016-11-22
  • Posts: 74

Re: Ports 993, 587, 25 behind proxy question?

Great Thank you for your input, jackb

I will keep it at behind the router. Doesn't like the smtp/imap ports is worth moving it to behind the proxy.