Why does the unauthenticated SMTP proxy include auth_http statement?

Maxim Dounin mdounin at mdounin.ru
Wed Jan 16 10:25:12 UTC 2013


On Tue, Jan 15, 2013 at 01:56:54PM +0000, Andy D'Arcy Jewell wrote:

> Hi all,
> Can anyone throw some light on this for me please?
> Looking at: http://wiki.nginx.org/Faq#How_can_Nginx_be_deployed_as_an_SMTP_proxy.2C_with_a_Postfix_backend.3F
> It says "The example is for unauthenticated e-mail as you can see",
> but the example clearly shows authentication:
> ---------------------------------------------------------
> mail { server_name mail.somedomain.com;
>     auth_http localhost:8008/auth-smtppass.php;
> ---------------------------------------------------------
> So I'm confused - should this be in there? Because if so, I'm
> obviously missing something about what unauthenticated means...

The "auth_method none" still doesn't mean there is no 
authentication/authorization at all, it means that it's done 
without requiring a user to provide login/password.  Auth script 
is still expected to do some form of authorization, e.g. by 
checking ip and source/destination addresses provided.

Maxim Dounin

More information about the nginx mailing list