Mail Proxy with Multiple Mail Domains

Francis Daly francis at daoine.org
Thu Nov 14 19:12:02 UTC 2019


On Wed, Nov 13, 2019 at 08:00:58PM +0100, nsclick at gmx.de wrote:

Hi there,

Untested, but...

> I would like to set up an Nginx mail proxy which handles IMAP and SMTP for two different mail domains and two different backend servers (one server for each of the domains).
> 

The easiest way is probably to have nginx listening on two IP addresses;
each one handling one domain.

> Let's say we have the two mail domains:
> - mail.foo.com
> - mail.bar.com
>  
> Then we can set up a minimalistic mail block like:
>  
> mail {
>   server_name mail.foo.com;  <-- ############ Can I simply add 'mail.bar.com' here? ############

No.

http://nginx.org/en/docs/mail/ngx_mail_core_module.html#server_name

says when this is used. If it is important in your case to have two
different names, then you will want to set it in each server{}.

>   $backend_ip["mailhost_foo"] ="192.168.1.10";
>   $backend_ip["mailhost_bar"] ="192.168.1.20";
> 
>   $selection  <-- ############ How to make this selection? ############
>                   Do we have information about the requested mail domain here?
>                   If yes, in which $_SERVER item?

If you use something like

  server {
    server_name foo;
    listen ip1:25;
  }

  server {
    server_name bar;
    listen ip2:25;
  }

then you can also include an auth_http_header to say "this is foo", or
"this is bar".

Or you can use a different auth_http url for foo and for bar, so that
each one "knows" the backend ip for itself.

> But how to solve the questions marked with "###" above?
> I tried to find something in the Nginx documentation, but without success.
> Any ideas?

http://nginx.org/en/docs/mail/ngx_mail_core_module.html#listen says

"""
Different servers must listen on different address:port pairs.
"""

Alternatively,
http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol
shows that you will probably have an Auth-User for IMAP, and an
Auth-SMTP-To for SMTP. If those values make it clear which mail domain is
used in this request, then your auth_http script can use the appropriate
logic.

Cheers,

	f
-- 
Francis Daly        francis at daoine.org
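
The backend selection discussed in the reply above, sketched as the routing function of an auth_http endpoint. This is an added example, not code from the thread or from nginx. Assumptions: the header name X-Mail-Site (a label set per server{} with auth_http_header), the address domains foo.com and bar.com, the backend ports, and that the password is verified by the backend or elsewhere, since this function only chooses where to proxy.

```python
import re

# Backend addresses are the ones given in the question; everything else is assumed.
BACKENDS = {"foo": "192.168.1.10", "bar": "192.168.1.20"}
DOMAINS = {"foo.com": "foo", "bar.com": "bar"}   # assumed address domains
PORTS = {"imap": "143", "smtp": "25"}            # assumed backend ports
ADDR = re.compile(r"^[^@\s<>]+@([A-Za-z0-9.-]+)$")


def _domain(value):
    """Return the lower-cased domain of a bare address or of 'RCPT TO:<addr>'."""
    bracketed = re.search(r"<([^<>]*)>", value)
    m = ADDR.match(bracketed.group(1) if bracketed else value.strip())
    return m.group(1).lower() if m else None


def route(headers):
    """Map auth_http request headers to auth_http response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    proto = h.get("auth-protocol", "")
    if proto not in PORTS:
        return {"Auth-Status": "Unsupported protocol"}
    # Preferred: the per-server label added by nginx with auth_http_header.
    # "X-Mail-Site" is a hypothetical header name chosen for this example.
    key = h.get("x-mail-site")
    if key is None:
        # Fallback: derive the domain from Auth-SMTP-To or Auth-User.
        value = h.get("auth-smtp-to") or h.get("auth-user", "")
        key = DOMAINS.get(_domain(value) or "")
    if key not in BACKENDS:
        # Fail closed: an unknown domain never gets a default backend.
        return {"Auth-Status": "Unknown mail domain", "Auth-Wait": "3"}
    return {"Auth-Status": "OK",
            "Auth-Server": BACKENDS[key],
            "Auth-Port": PORTS[proto]}
```

The label header is only trustworthy if the auth_http URL is reachable by nginx alone, for example bound to a loopback or internal address.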

