Configuring nginx as mail proxy
Laurent Bonetto
lbonetto at kenzanmedia.com
Wed Oct 24 21:38:29 UTC 2012
Hi Maxim,
Thank you for sticking with me on this. I appreciate it very much.
I did understand you meant to change the number of worker_connections. The only reason why I had lowered it was that I got a warning:
nginx: [warn] 1024 worker_connections exceed open file resource limit: 256
After pointing my mail client to localhost, I was finally able to see nginx hit my mock for an authentication request so there is definitely some progress! Unfortunately, the proxying is still not working. More precisely:
nginx hits my authenticate mock server with:
Host: localhost
Auth-User: <my user name>
Auth-Pass: <my password>
Auth-Protocol: pop3
Auth-Login-Attempt: 1
Client-IP: 192.168.1.104
- If my mock responds with
< HTTP/1.1 200 OK
< Content-Type: text/html
< Auth-Status: Invalid login or password
< Auth-Wait: 3
< Content-Length: 0
Then my mail client tells me that I have the incorrect username or password, as expected.
- However, if my mock responds with:
< Auth-Status: OK
< Auth-Server: <my mail server>
< Auth-Port: 110
Then the mail client responds with an internal server error.
I added the Auth-Pass (which should not be needed anyway) in the response and that didn't help.
Since I didn't see any error in the error.log from nginx I used wireshark to monitor traffic. I filtered on tcp.port eq 110 and compared side by side the traffic coming from an account using a direct connection to my mail server, and an account going through the nginx proxy. In the second case (through proxy), I do not see any traffic going out to my mail server, suggesting it does not get the info it was expecting from my authentication service.
- Can you think of something I am missing?
- How do I even go about debugging what's happening here apart from what I am already doing (using wireshark)?
Again, for info, here is my current config:
worker_processes 1;
error_log /var/log/nginx/error.log info;
events {
    worker_connections 1024;
}
mail {
    # I assume server_name comes from Auth-Server so I tried commenting out. Same behavior.
    server_name <my mail server>;
    auth_http localhost:8080/authorize;
    pop3_auth plain;
    pop3_capabilities "TOP" "USER" "UIDL";
    smtp_auth login plain cram-md5;
    smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN;
    xclient off;
    server {
        listen 2525;
        protocol smtp;
    }
    server {
        listen 110;
        protocol pop3;
        proxy on;
        proxy_pass_error_message on;
    }
}
On Oct 24, 2012, at 12:26 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> Hello!
>
> On Wed, Oct 24, 2012 at 11:49:43AM -0400, Laurent Bonetto wrote:
>
>> Thanks. That was indeed my first issue. I did sudo port edit
>> nginx, added --with-mail to the config options, reinstalled, and
>> now I am past that error.
>>
>> I then got an error that no events was present so I just added
>> events {
>> worker_connections 1;
>> }
>
> This isn't going to work. With such a low number of worker
> connections nginx won't be able to start worker processes properly
> (unless you have no listening sockets configured).
>
> Try looking into error log, you should see something like:
>
> 2012/10/24 20:17:53 [alert] 58202#0: 1 worker_connections are not enough
> 2012/10/24 20:17:53 [notice] 58201#0: signal 20 (SIGCHLD) received
> 2012/10/24 20:17:53 [notice] 58201#0: worker process 58202 exited with code 2
> 2012/10/24 20:17:53 [alert] 58201#0: worker process 58202 exited with fatal code 2 and cannot be respawned
>
> You have to set worker_processes to something reasonable.
> Something like 512 as by default is usually a good choice for a
> small test server.
>
>> Now nginx is starting but I never see any hit to my mock service
>> despite it being specified in auth_http
>> auth_http http://localhost:8080/authorize;
>> No errors reported in the error log.
>>
>> When is nginx expected to hit the url specified in nginx? When
>> it gets launched? When an event occurs on the ports 110 and 2525
>> with the protocols I specified?
>
> The auth service is requested when nginx needs to authenticate a
> client and to find out a backend server address to proxy the
> client to.
>
> --
> Maxim Dounin
> http://nginx.com/support.html
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
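
The auth_http exchange discussed in this thread, as an added example that is not part of the original messages: a small Python backend that maps the Auth-* request headers nginx sends to the Auth-Status / Auth-Server / Auth-Port reply. nginx's auth_http handling expects Auth-Server to be an IP address rather than a hostname, so the sketch always returns an IP literal. USERS, BACKEND, MAX_ATTEMPTS, the 192.0.2.10 address and the helper names are constructed for illustration.

```python
# Added example: minimal auth_http backend for nginx's mail proxy.
# USERS, BACKEND, MAX_ATTEMPTS and the listen port are constructed values.
import hmac
import ipaddress
import socket
from http.server import BaseHTTPRequestHandler, HTTPServer

USERS = {"alice": "s3cret"}               # constructed credential store
BACKEND = {"pop3": ("192.0.2.10", 110)}   # constructed backend per protocol
MAX_ATTEMPTS = 3

def to_ip(host):
    """Return host as an IP literal, resolving a hostname when needed."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return socket.getaddrinfo(host, None, socket.AF_INET)[0][4][0]

def auth_reply(req):
    """Map nginx's Auth-* request headers to Auth-* response headers."""
    expected = USERS.get(req.get("Auth-User", ""))
    given = req.get("Auth-Pass", "").encode()
    # Constant-time comparison, performed for unknown users as well.
    match = hmac.compare_digest((expected or "").encode(), given)
    proto = req.get("Auth-Protocol", "")
    if expected is None or not match or proto not in BACKEND:
        reply = {"Auth-Status": "Invalid login or password"}
        # Without Auth-Wait nginx closes the connection instead of
        # letting the client retry, which caps guessing per connection.
        attempt = req.get("Auth-Login-Attempt", "")
        if attempt.isdigit() and int(attempt) < MAX_ATTEMPTS:
            reply["Auth-Wait"] = "3"
        return reply
    host, port = BACKEND[proto]
    # Auth-Server is sent as an IP literal, never as a hostname.
    return {"Auth-Status": "OK", "Auth-Server": to_ip(host),
            "Auth-Port": str(port)}

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        reply = auth_reply(self.headers)
        self.send_response(200)   # 200 for both success and failure
        for name, value in reply.items():
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```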