Is it possible to reverse proxy a remote (managed by another company, think Google Apps or Office 365) SMTP/IMAP server through NGINX? Example:
I host example.com, and use mailhost.com to host my mail. I tried adding 2 CNAME records on example.com to accomplish this, but it didn't work. [smtp.example.com -> smtp.mailhost.com, etc]
Preferably, I want one subdomain (mail.example.com), pointing to both smtp.mailhost.com and imap.mailhost.com, differentiating between the two using ports. [mail.example.com:993 -> imap.mailhost.com:993, smtp.example.com:587 -> smtp.mailhost.com:587]
Is this possible? The only reason I want to do it is to make setting up mail clients easier for my website's users, and to stop confusion when asking why I am asking them to connect to a seemingly random domain to get emails. I understand this may cause some problems with DKIM etc.
Is this task easy, more hassle than it is worth or impossible? I'm capable of setting up a mail server, but would rather use a ready solution.
Best Answer
In my opinion the NGINX mail proxy server guide lacks of one very important information that was necessary for me to get something similar working:
Using a PHP Script on an Apache Server as the IMAP Auth Backend
I spent some weeks to find a working solution as mocking the auth service was not working properly for me. After disabling all SSL features and adding the auth php script I was finally able to receive emails with IMAP via the NGINX proxy.
One Problem that still exists for SMTP is: NGINX doesn't forward the auth command to the server: https://forum.nginx.org/read.php?2,58181,58186#msg-58186.
Therefore disabling auth for SMTP is necessary to make use of NGINX mail proxy. If someone finds a workaround please post the solution here: https://stackoverflow.com/questions/56031592/nginx-forwarding-smtp-auth-credentials-to-next-server/56583571#56583571
Here are some related links to the topic I want to share: