NGiNX does not pass SMTP AUTH command to server?

Andree Leidenfrost aleidenf at
Sun Feb 28 12:02:19 MSK 2010

Dear all,

I am by no means an experienced nginx user, but I have nginx working for
HTTP & IMAP and am now trying to add SMTP to the mix.

I require authentication for the SMTP server and am experiencing a
problem in that the first AUTH command that comes from the client does
not get passed through to the server by nginx; only the second one does.
Here is a telnet session to illustrate (an email client like Thunderbird
would of course not send the second AUTH command):

> telnet aurichvm04 465
Connected to aurichvm04.ostfriesland.
Escape character is '^]'.
220 aurichvm04 ESMTP ready
AUTH PLAIN <base64 encoded user & password>
235 2.0.0 OK
AUTH PLAIN <base64 encoded user & password>
235 2.7.0 Authentication successful

According to wireshark, rather than sending the AUTH command the first
time, nginx just sends a HELO command. The second time the AUTH command
is issued by the client, nginx passes it through (as I would expect it
to do the first time round).

I include my nginx.conf and sites-availabe/default below. I am using the
current Debian unstable package (0.7.65-1). My server is Postfix.

I few notes on the config:
- I am using a trivial authentication server.
- I have turned ssl off for test purposes.
- I have turned xclient off because Postfix does not accept the xclient 
  login attribute. (I don't believe it is required?)

If you could help that would be great!

Thanks a lot & best regards,


user                    www-data;
worker_processes        1;

error_log               /var/log/nginx/error.log;
pid                     /var/run/;

events {
       worker_connections       1024;

http {
     include            /etc/nginx/mime.types;

     access_log         /var/log/nginx/access.log;

     sendfile           on;

     keepalive_timeout  65;
     tcp_nodelay        on;

     gzip               on;
     gzip_disable       "MSIE [1-6]\.(?!.*SV1)";

     include            /etc/nginx/conf.d/*.conf;
     include            /etc/nginx/sites-enabled/*;

mail {
     ssl                        off;

ssl_certificate            /etc/ssl/certs/aurichvm04.ostfriesland_cert.pem;

ssl_certificate_key        /etc/ssl/private/aurichvm04.ostfriesland_key.pem;
     ssl_session_timeout        5m;

     server {
            listen              aurichvm04.ostfriesland:993;
            protocol            imap;

            imap_capabilities   "IMAP4rev1" "SORT" "THREAD=REFERENCES"

            proxy               on;
            auth_http ;

     server {
            listen              aurichvm04.ostfriesland:465;
            protocol            smtp;

            smtp_capabilities   "SIZE 10240000" "VRFY" "ETRN"

            proxy               on;
            xclient             off;
            auth_http ;


server {
       listen           localhost:9000;

       access_log       /var/log/nginx/localhost_AUTH.access.log;

       location = /auth-imap/ {
                add_header Auth-Status OK;
                add_header Auth-Server;
                add_header Auth-Port 143;


       location = /auth-smtp/ {
                add_header Auth-Status OK;
                add_header Auth-Server;
                add_header Auth-Port 25;


server {
       listen                   443;
       server_name              aurichvm04.ostfriesland;

       ssl                      on;

ssl_certificate          /etc/ssl/certs/aurichvm04.ostfriesland_cert.pem;

ssl_certificate_key      /etc/ssl/private/aurichvm04.ostfriesland_key.pem;
       ssl_session_timeout      5m;

access_log               /var/log/nginx/aurichvm04.ostfriesland_HTTPS.access.log;

       location / {
                proxy_pass              http://emden3:8080;
                proxy_redirect          off;
                proxy_set_header        Host $host;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For
Andree Leidenfrost
Sydney - Australia
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the nginx mailing list