Configuring nginx as a mail proxy server

A great use case for Nginx!

Configuring Nginx as a mail proxy server allows you to forward incoming email messages to a backend mail server, while also providing features like spam filtering, virus scanning, and content filtering. Here's a step-by-step guide to help you set up Nginx as a mail proxy server:

Prerequisites

Nginx version 1.13.0 or later
A backend mail server (e.g., Postfix, Sendmail, or Microsoft Exchange)
A Linux-based system (e.g., Ubuntu, CentOS, or Debian)

Step 1: Install Nginx

If you haven't already, install Nginx on your system. The installation process varies depending on your Linux distribution. For example, on Ubuntu, you can run:

sudo apt-get install nginx

Step 2: Configure Nginx

Create a new configuration file for Nginx mail proxying. You can do this by creating a new file in the /etc/nginx/conf.d/ directory (e.g., mail_proxy.conf):

sudo nano /etc/nginx/conf.d/mail_proxy.conf

Add the following configuration:

http {
   ...
    mail {
        server {
            listen 25;
            protocol smtp;
            proxy_pass localhost:2525;
            proxy_set_header X-Original-Recipient $proxy_recipient_address;
            proxy_set_header X-Original-Sender $proxy_sender_address;
        }
    }
}

Here's a brief explanation of the configuration:

listen 25: Nginx listens on port 25, the standard SMTP port.
protocol smtp: Nginx uses the SMTP protocol for mail proxying.
proxy_pass localhost:2525: Nginx forwards incoming email messages to the backend mail server listening on localhost:2525.
proxy_set_header X-Original-Recipient $proxy_recipient_address: Nginx sets the X-Original-Recipient header with the recipient's email address.
proxy_set_header X-Original-Sender $proxy_sender_address: Nginx sets the X-Original-Sender header with the sender's email address.

Step 3: Configure the Backend Mail Server

Configure your backend mail server to listen on a specific port (e.g., 2525 in the example above). You may need to update the mail server's configuration file (e.g., /etc/postfix/main.cf for Postfix) to include the following lines:

listen = 127.0.0.1:2525
smtpd_tls_cert_file = /path/to/cert.pem
smtpd_tls_key_file = /path/to/key.pem

Step 4: Restart Nginx

Restart Nginx to apply the new configuration:

sudo service nginx restart

Step 5: Test the Mail Proxy

Use a mail client (e.g., Thunderbird or Outlook) to send an email to a recipient. The email should be forwarded to the backend mail server, which will then deliver it to the recipient.

Additional Tips and Considerations

Make sure to configure your backend mail server to allow incoming connections from Nginx.
You may want to add additional security measures, such as SSL/TLS encryption, to protect the email transmission.
Consider implementing spam filtering and virus scanning using tools like SpamAssassin and ClamAV.
You can also use Nginx's built-in content filtering capabilities to block or modify email content.

By following these steps, you've successfully configured Nginx as a mail proxy server. This setup allows you to forward incoming email messages to a backend mail server while providing features like spam filtering and virus scanning.

Mail Knowledge

Configuring nginx as a mail proxy server