SASL support for mail proxy in NGINX

Quanah Gibson-Mount quanah at
Mon Sep 8 22:28:01 UTC 2014

--On Tuesday, September 09, 2014 12:49 AM +0400 Maxim Dounin 
<mdounin at> wrote:

>> > We plan on adding SASL support to SMTP as well unless you guys have
>> > plan to do that already ?
>> Any nginx developers have any thoughts on this?
> When talking to mail backends, nginx doesn't use SASL for
> authentication as it's believed to be superfluous to use it
> instead of native protocol commands in the non-hostile backend
> environment.

I'm not sure what you mean by this, can you expand please?

> There is SASL support in nginx mail module though, and it happily
> authenticates users with PLAIN, LOGIN and CRAM-MD5 SASL mechanisms
> (as long as http_auth script used is able to handle this).

These are particularly limited SASL mechanisms.  Ours adds support for 
linking to cyrus-sasl, for extended SASL mechanisms such as GSSAPI, SPNEGO, 
etc.  If that's not of interest, that's fine, but it's generally much more 
useful security wise.



Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
Zimbra ::  the leader in open source messaging and collaboration

More information about the nginx-devel mailing list