I just had our prototype mailproxy turned into an open relay because nginx doesn't pass through smtp auth, requiring me to tell the real mailserver to trust it. This could substantially complicate and slow down the authentication script for nginx, though I'll investigate xclient. smtp auth pass through would be much cleaner...