NGiNX does not pass SMTP AUTH command to server?

Andree Leidenfrost aleidenf at bigpond.net.au
Sun Feb 28 16:04:47 MSK 2010


Hi Maxim!

On Sun, 2010-02-28 at 15:41 +0300, Maxim Dounin wrote:
> Hello!
> 
> On Sun, Feb 28, 2010 at 10:18:59PM +1100, Andree Leidenfrost wrote:
> 
> > NGiNX authenticates fine for IMAP and POP3. Is it not somewhat
> > inconsistent that it does not authenticate for SMTP? Especially as it
> > seems to work the second time??? If the SMTP server can take care of
> > authentication in the first place, would it not be a good thing to
> > utilise this rather than relying on an additional authentication
> > mechanism?
> 
> It is believed that there is no need to re-authenticate against 
> smtp backend as it doesn't provide any additional value (unlike 
> POP3 and IMAP where it's required to obtain access to specific 
> mailbox).

I for once would like to use the SMTP backend for authentication. ;-)
(This is why I use a static/primitive http_auth server.) NGiNX seems to
be able to pass the AUTH command through the second time, so on
principle, I suppose, this could also work the first time? (You decide
whether this is worthwhile to support by NGiNX.)

As a side note, I would really appreciate to be able to securely
communicate to any of the backends via SSL from NGiNX, be that POP3,
IMAP or SMTP or whatever - it's letters versus postcards even within
organisations - I like the privacy of letters.

> > Has the patch you mention actually been put in front of the Postfix
> > people?
> 
> AFAIK, no.  But I may be wrong, I'm not the author of the patch 
> in question.
> 
> > I have no idea what RFCs may exist for this xclient stuff (and I
> > have not really been able to find anything definitive on this on the
> > internet),
> 
> XCLIENT was originally implemented in Postfix, and there is no 
> RFC.  There is also patch for Exim to support it (developed by 
> Vsevolod Stakhov, cebka.pp.ru; the patch was made for nginx and 
> supports LOGIN attribute).

Thank you! If this is a Postfix thing in the first place, the Postfix
people should really be talked to, I guess? Not much point having a
patch that may never make it into upstream Postfix (unless you operate
in an environment where components are hand-patched all the time)?

> [...]
> 
> Maxim Dounin
> 
> p.s. Please do not top-post.  Thank you.

Thanks a lot & best regards,
Andree

> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx


-- 
Andree Leidenfrost
Sydney - Australia
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://nginx.org/pipermail/nginx/attachments/20100301/8443212b/attachment-0001.pgp>


More information about the nginx mailing list