NGiNX does not pass SMTP AUTH command to server?
Andree Leidenfrost
aleidenf at bigpond.net.au
Sun Feb 28 16:04:47 MSK 2010
Hi Maxim!
On Sun, 2010-02-28 at 15:41 +0300, Maxim Dounin wrote:
> Hello!
>
> On Sun, Feb 28, 2010 at 10:18:59PM +1100, Andree Leidenfrost wrote:
>
> > NGiNX authenticates fine for IMAP and POP3. Is it not somewhat
> > inconsistent that it does not authenticate for SMTP? Especially as it
> > seems to work the second time??? If the SMTP server can take care of
> > authentication in the first place, would it not be a good thing to
> > utilise this rather than relying on an additional authentication
> > mechanism?
>
> It is believed that there is no need to re-authenticate against
> smtp backend as it doesn't provide any additional value (unlike
> POP3 and IMAP where it's required to obtain access to specific
> mailbox).
I for once would like to use the SMTP backend for authentication. ;-)
(This is why I use a static/primitive http_auth server.) NGiNX seems to
be able to pass the AUTH command through the second time, so on
principle, I suppose, this could also work the first time? (You decide
whether this is worthwhile to support by NGiNX.)
As a side note, I would really appreciate to be able to securely
communicate to any of the backends via SSL from NGiNX, be that POP3,
IMAP or SMTP or whatever - it's letters versus postcards even within
organisations - I like the privacy of letters.
> > Has the patch you mention actually been put in front of the Postfix
> > people?
>
> AFAIK, no. But I may be wrong, I'm not the author of the patch
> in question.
>
> > I have no idea what RFCs may exist for this xclient stuff (and I
> > have not really been able to find anything definitive on this on the
> > internet),
>
> XCLIENT was originally implemented in Postfix, and there is no
> RFC. There is also patch for Exim to support it (developed by
> Vsevolod Stakhov, cebka.pp.ru; the patch was made for nginx and
> supports LOGIN attribute).
Thank you! If this is a Postfix thing in the first place, the Postfix
people should really be talked to, I guess? Not much point having a
patch that may never make it into upstream Postfix (unless you operate
in an environment where components are hand-patched all the time)?
> [...]
>
> Maxim Dounin
>
> p.s. Please do not top-post. Thank you.
Thanks a lot & best regards,
Andree
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
--
Andree Leidenfrost
Sydney - Australia
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://nginx.org/pipermail/nginx/attachments/20100301/8443212b/attachment-0001.pgp>
More information about the nginx
mailing list