SMTP AUTH with XCLIENT - impossible or just difficult?

Maxim Dounin mdounin at
Fri Aug 6 05:56:38 MSD 2010


On Wed, Aug 04, 2010 at 08:02:29AM -0500, Karl Kraft wrote:

> I have been successful at using nginx as a front end to POP and 
> IMAP servers to keep mailboxes spread across multiple machines.   
> It also provided the added benefit of enabling SSL for privacy.  
> I wrote a custom HTTP based authentication agent to direct to 
> the proper mailbox, and everything seems to work great. Now I 
> would like to do the same for SMTP connections, using nginx as 
> both an SSL front end and director to my SMTP daemons.
> However, after implementing XCLIENT in the SMTP daemon, and 
> adding a simple configuration to nginx, all is not well. After 
> working my way through the mailing list and trying several 
> configurations, I am left thinking that XCLIENT with 
> authentication simply does not work.  Has anyone ever managed to 
> get this to work?


> SN: 220 - 
> (NFSmtp/2006q2.1) Authorized network
> SN: 250-/
> SN: 250-EXPN
> SN: 250-SIZE
> SN: 250 HELP

Here actual problem happens.  nginx doesn't really understand 
multiline smtp replies, but usually handles them nicely once they 
happen to be in single tcp packet.

Most likely your tcp daemon sends ehlo reply in multiple packets.  
This isn't good from performance point of view but anyway should 
be supported.  Try the attached patch.


> The only way I am able to get close to a working connection is 
> with the following two conditions:
> Turn XCLIENT off - this of course makes it impossible for the 
> back end server to know the authenticated username or source IP 
> address. 
> Client must send HELO instead of EHLO - controlling all the 
> clients is out of the question.

While XCLIENT is mostly unrelated - it forces nginx to use ESMTP 
with backend, i.e. use EHLO.  In your case EHLO reply is multiline 
one and split across multiple packets.  This in turn causes all 
the troubles (and the same thing happens if client itself uses 

Maxim Dounin

More information about the nginx mailing list