Hi,


I've installed Zimbra in a multi-server installation, with a proxy and a mailstore on a separate machine.

I'm trying to access to a mailbox with IMAP SSL through the proxy. In the nginx.log, I've got (the IPs are from a test platform) :

2010/06/28 13:22:28 [info] 13062#0: *57 client 10.201.0.11 connected to 0.0.0.0:993
2010/06/28 13:22:30 [info] 13062#0: *57 upstream sent invalid response: "NO cleartext logins disabled" while reading response from upstream, client: 10.201.0.11, server: 0.0.0.0:993, login: "mtp_user1@cirad.fr", upstream: 10.203.0.100:7143, [10.201.0.11:1055-10.202.0.100:993] <=> [10.202.0.100:47829-10.203.0.100:7143]
So, the client is connecting to the proxy with the port 993 (imap ssl), which is ok. but the proxy is trying to connect to the mailstore with the port 7143, which is wrong. It should be 7993.

On both server, I've got the following imap parameters :

zimbraImapBindOnStartup: TRUE
zimbraImapBindPort: 7143
zimbraImapCleartextLoginEnabled: TRUE
zimbraImapExposeVersionOnBanner: FALSE
zimbraImapMaxRequestSize: 10240
zimbraImapNumThreads: 200
zimbraImapProxyBindPort: 143
zimbraImapSSLBindOnStartup: TRUE
zimbraImapSSLBindPort: 7993
zimbraImapSSLProxyBindPort: 993
zimbraImapSSLServerEnabled: TRUE
zimbraImapSaslGssapiEnabled: FALSE
zimbraImapServerEnabled: TRUE
zimbraImapShutdownGraceSeconds: 10
zimbraReverseProxyImapExposeVersionOnBanner: FALSE
zimbraReverseProxyImapSaslGssapiEnabled: FALSE
zimbraReverseProxyImapSaslPlainEnabled: TRUE
zimbraReverseProxyImapStartTlsMode: only
zimbraStatThreadNamePrefix: ImapSSLServer
zimbraStatThreadNamePrefix: ImapServer
So, it works if I enable clear text password on the mailstore, but I'd like to not have to do it.

If I understand correctly, the proxy use the proxy lookup handler to determine the path to the mailstore, so I suppose my problem lie there.

- Is the proxy lookup handler the one to send back the port with the good mailstore for the requested user ?
- Is there a method to manually test the proxy lookup handler or debug the request ?

Thanks in advance for any help.