Mail proxy to 3rd party using ssl

I am setting up nginx as POP3 mail proxy to two 3rd party mail servers.
Different domains, one of them uses SSL.

Since I do not have that 3rd party’s SSL certificate I use my own
company
certificate in nginx. That cert is properly signed but obviousy belongs
to
another domain (our domain).

If I connect to the non-ssl server through nginx all works fine (port
110 on
nginx and 3rd party server).

If I connect to the ssl domain through nginx (port 995 on nginx and 3rd
party server) I seem to not get a response from the 3rd party server.
The
authentication routine on connection establishment is properly called by
nginx (correct uname/pw) and it returns that the user is OK (correct 3rd
party IP address is returned as well).

Using the email client without proxy works fine, meaning: uname/pw are
correct.

Questions:

• Is such configuration possible at all (ssl to 3rd party server without
  having that server’s certificate installed on nginx)?
• Is nginx in this configurtion a man-in-the middle? Could that be a
  problem?
• Any idea how to further debug?

Thanks,
Rick

Posted at Nginx Forum:

Hello!

On Tue, Sep 03, 2013 at 01:22:36AM -0400, rmombassa wrote:

If I connect to the ssl domain through nginx (port 995 on nginx and 3rd
having that server’s certificate installed on nginx)?

• Is nginx in this configurtion a man-in-the middle? Could that be a
  problem?
• Any idea how to further debug?

The main problem you are facing right now is that nginx doesn’t
support SSL mail backends.

And as far as I understand the description of what you are trying to
do, it’s a MITM, and it’s not going to work unless you control
clients and can convince them to accept your certificate. But
it’s likely not a problem as you already have everything working
with non-ssl backends.

–
Maxim D.
http://nginx.org/en/donation.html