Forum: NGINX SMTP without Auth can this be done

blacktux (Guest)
on 2009-04-22 22:41
(Received via mailing list)
Does anyone have an example config of SMTP without Auth? I am just trying
to get going an SMTP Relay Proxy to internal MTAs from external
connections. Or could someone please point me in the correct direction.
Cheers
James

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,1353,1353#msg-1353
Maxim D. (Guest)
on 2009-04-22 22:59
(Received via mailing list)
Hello!

On Wed, Apr 22, 2009 at 02:31:17PM -0400, blacktux wrote:

> Does anyone have an example config of SMTP without Auth? I am just trying
> to get going an SMTP Relay Proxy to internal MTAs from external
> connections. Or could someone please point me in the correct direction.

mail {
    proxy_pass_error_message  on;
    auth_http  http://127.0.0.1:8080/mail/auth;
    xclient    off;

    server {
        listen     127.0.0.1:8025;
        protocol   smtp;
        smtp_auth  none;
    }
}

A simple auth server based on the nginx rewrite module will look like
the following:

http {
    ...

    server {
        listen       127.0.0.1:8080;
        server_name  localhost;

        location = /mail/auth {
            set $reply ERROR;

            if ($http_auth_smtp_to ~ example.com) {
                set $reply OK;
            }

            add_header Auth-Status $reply;
            add_header Auth-Server 127.0.0.1;
            add_header Auth-Port 8026;
            add_header Auth-Wait 1;
            return 204;
        }
    }
}

Some notes:

1. The SMTP proxy code in current nginx doesn't support PIPELINING,
while some servers seen in the wild use it even if not advertised.
Expect problems.

2. The auth server provided above isn't a real one, it's taken from
the relevant test script.  Production use will probably require much
more strict checks.

3. Make sure that your MTA is NOT configured to relay all mail
from localhost, since it will see clients coming from nginx as
coming from localhost.  Or use XCLIENT as appropriate if it's
available in your MTA.

Maxim D.
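
A stricter auth_http backend in the spirit of note 2, added here as an example; it is not part of the original post and is not nginx's test script. It parses the recipient out of the Auth-SMTP-To header and matches the domain exactly, where the rewrite-based check above accepts any header that merely contains the string. The allowed domain set, the backend address and the 550 5.7.1 rejection code are assumptions.

```python
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions (not from the thread): the relayed domain set and the backend
# MTA address; port 8026 mirrors the Auth-Port used in the config above.
ALLOWED_DOMAINS = {"example.com"}
BACKEND = ("127.0.0.1", "8026")

# nginx passes the raw SMTP command, e.g. "RCPT TO:<user@example.com>",
# optionally followed by ESMTP parameters.
RCPT_RE = re.compile(r"RCPT TO:\s*<([^<>@\s]+)@([A-Za-z0-9.-]+)>(?:\s.*)?", re.I)

def decide(headers):
    """Return the auth_http response headers for one nginx auth request."""
    reject = {"Auth-Status": "Relay access denied",
              "Auth-Error-Code": "550 5.7.1", "Auth-Wait": "1"}
    if headers.get("Auth-Protocol", "").lower() != "smtp":
        return reject
    m = RCPT_RE.fullmatch(headers.get("Auth-SMTP-To", "").strip())
    if not m:
        return reject  # missing header, source route, or malformed address
    domain = m.group(2).lower().rstrip(".")
    if domain not in ALLOWED_DOMAINS:  # exact match, not a substring test
        return reject
    return {"Auth-Status": "OK", "Auth-Server": BACKEND[0], "Auth-Port": BACKEND[1]}

class AuthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path != "/mail/auth":
            self.send_error(404)
            return
        self.send_response(200)
        # self.headers does case-insensitive lookups, like a dict does not.
        for name, value in decide(self.headers).items():
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()

if __name__ == "__main__":
    # Same listen address as the auth_http URL in the mail {} block.
    HTTPServer(("127.0.0.1", 8080), AuthHandler).serve_forever()
```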