SMTP without Auth can this be done

Maxim Dounin mdounin at mdounin.ru
Wed Apr 22 22:51:07 MSD 2009


Hello!

On Wed, Apr 22, 2009 at 02:31:17PM -0400, blacktux wrote:

> Does anyone have a example config of SMTP without Auth? I am just trying to get going a SMTP Relay Proxy to a internal MTAs from external connections. Or could please point me in the correct direction.

mail {
    proxy_pass_error_message  on;
    auth_http  http://127.0.0.1:8080/mail/auth;
    xclient    off;

    server {
        listen     127.0.0.1:8025;
        protocol   smtp;
        smtp_auth  none;
    }
}

Simple auth server based on nginx rewrite module will look like 
the following:

http {
    ...

    server {
        listen       127.0.0.1:8080;
        server_name  localhost;

        location = /mail/auth {
            set $reply ERROR;

            if ($http_auth_smtp_to ~ example.com) {
                set $reply OK;
            }

            add_header Auth-Status $reply;
            add_header Auth-Server 127.0.0.1;
            add_header Auth-Port 8026;
            add_header Auth-Wait 1;
            return 204;
        }
    }
}

Some notes:

1. SMTP proxy code in current nginx doesn't support PIPELINING, 
while some servers seen in wild use it even if not advertised.  
Expect problems.

2. The auth server provided above isn't real one, it's taken from 
relevant test script.  Production use will probably require much 
more strict checks.

3. Make sure that your MTA is NOT configured to relay all mail 
from localhost, since it will see clients coming from nginx as 
coming from localhost.  Or use XCLIENT as appropriate if it's 
available in your MTA.

Maxim Dounin





More information about the nginx mailing list