smtp proxy with postfix

Maxim Dounin mdounin at mdounin.ru
Wed Dec 30 15:04:27 UTC 2015


Hello!

On Wed, Dec 30, 2015 at 08:20:27AM -0500, Cugar15 wrote:

> Well, here we go again... somehow, I'm not getting this smtp proxy to work
> with nginx.
> I moved to haproxy, and this combination works ok. Creating a tcp connection
> passes over to postfix
> and the postfix prompt is seen using a telnet connection - and all works
> just fine.
> 
> However, I'd like to stick with nginx if possible....actually if possible at
> all!

If TCP proxying is enough in your case - you can consider 
using stream proxy module instead, see here:

http://nginx.org/en/docs/stream/ngx_stream_core_module.html

> Here are my findings - and maybe somebody can help to confirm or disagree:
> 
> 1) Xclient = on will basically bypass sals authorithation in postfix.
>     Postfix/Sasl will assume that the message is already authenticated.
>     All the auth login commands are basically exectuted

Yes.  All information obtained by nginx is passed via the XCLIENT 
command.

> 2) Xclient = off will not trigger any sals authentication in postfix.
>     Somehow, it seems, that the credentials are not forwarded to postfix

Yes.  Authentication is checked by auth_http script, and there is 
no need to do additional authentication to SMTP backend.  As long 
as appropriate checks are done by auth_http, it's enough to allow 
your nginx IP to submit mail.

If it's not enough in your particular setup (e.g., you want 
correct "Received" headers to be added), enable XCLIENT.

> Is this really the expected behaviour? 
> IMAP behaviour is completely different. Here the authentication works just
> fine...

Yes, that's expected.

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx mailing list