Nginx - SMTP no authentication
Maxim Dounin
mdounin at mdounin.ru
Wed Nov 10 15:52:43 MSK 2010
Hello!
On Wed, Nov 03, 2010 at 06:00:18PM +0100, blurp pasglop wrote:
> Hello
>
>
> I have an nginx proxy smtp and on backend an criticalpath servers.
> I want to configure nginx to do :
> auth if if my client is configured to do auth
> no auth if my client doesn't do this
>
> I want to redirect the clients to the good backend ( with an LDAP server ),
> and read in plain text the password.
>
> I configure first with :
> *1) smtp_auth* *login plain cram-md5 ;
> The authentication is OK but necessary ( the no authentication does no work
> )
That's expected.
> 2) **smtp_auth* *login plain;
> the authentication is not OK because the mail is delivered if the password
> is not the good password
This should behave the same as in (1), check your auth_http
script.
> The nginx proxy doesn't do the authentication with the backend server
Authentication is expected to be handled by auth_http, nginx
doesn't try to pass authentication to backend smtp server.
> 3)**smtp_auth* *login plain cram-md5 none;
> the mail is always delivered ( godd password or not )
> **The nginx proxy doesn't do the authentication with the backend server*
See above.
If you want to mix submission service and inbound MX on the same
host - you may want to pass information if client authenticated or
not to smtp backend, it may be passed with xclient option (patches
for various smtp servers are available out there[1][2]).
[1] http://citrin.ru/nginx:xclient-login-patch
(patch for Postfix, in Russian)
[2] http://cebka.pp.ru/blog_en/2007/12/xclient-in-exim.html
(patch for Exim)
Note that [2] currently returns 404 for the patch itself. I've
pinged author, likely this will be fixed soon.
Maxim Dounin
More information about the nginx
mailing list