I have an nginx proxy smtp and on backend an criticalpath servers.
I want to configure nginx to do :
auth if if my client is configured to do auth
no auth if my client doesn’t do this
I want to redirect the clients to the good backend ( with an LDAP server
),
and read in plain text the password.
I configure first with : 1) smtp_auth *login plain cram-md5 ;
The authentication is OK but necessary ( the no authentication does no
work
)
2) *smtp_auth *login plain;
the authentication is not OK because the mail is delivered if the
password
is not the good password
The nginx proxy doesn’t do the authentication with the backend server
3)*smtp_auth *login plain cram-md5 none;
the mail is always delivered ( godd password or not )
*The nginx proxy doesn’t do the authentication with the backend server
On Wed, Nov 03, 2010 at 06:00:18PM +0100, blurp pasglop wrote:
I configure first with : 1) smtp_auth *login plain cram-md5 ;
The authentication is OK but necessary ( the no authentication does no work
)
That’s expected.
*smtp_auth *login plain;
the authentication is not OK because the mail is delivered if the password
is not the good password
This should behave the same as in (1), check your auth_http
script.
The nginx proxy doesn’t do the authentication with the backend server
Authentication is expected to be handled by auth_http, nginx
doesn’t try to pass authentication to backend smtp server.
3)*smtp_auth *login plain cram-md5 none;
the mail is always delivered ( godd password or not )
*The nginx proxy doesn’t do the authentication with the backend server
See above.
If you want to mix submission service and inbound MX on the same
host - you may want to pass information if client authenticated or
not to smtp backend, it may be passed with xclient option (patches
for various smtp servers are available out there[1][2]).