Hello,
i do some tests with nginx and the mail proxy modules. running imap/pop3
seems to work. Now i try with smtp.
My auth-server is a little php-script:
<?
header("HTTP/1.0 200 OK");
header("Auth-Status: OK");
header("Auth-Server: 127.0.0.1");
header("Auth-Port: 25");
header("Auth-Protocol: smtp");
header("Auth-User: myusername");
header("Auth-Pass: mypass");
?>
When testing smtp by telnet i got: 451 4.3.2 Internal server error after
auth login.
and in log:
2011/02/08 14:04:42 [error] 27740#0: *23 upstream sent invalid response:
“550 5.7.0 Error: insufficient authorization” while reading response
from upstream, client: ip.ip.ip.ip, server: 0.0.0.0:26, login:
“myusername”, upstream: 127.0.0.1:25
what else is needed?
i have 2 more questions.
how to provide a basic log for mail-proxying? i only got server-errorlog
to work.
i read that nginx in smtp-proxy mode wants to do the complete auth-stuff
and needs an “open” smtp-engine behind. This is not what i like. I would
like that nginx is just transfering sessions to assigned host and let
the real smtp-engine(postfix) let do the auth stuff. with pop/imap proxy
ngingx is working like this but not with smtp. is this possible with
nginx?
Thanks,
Hajo
Posted at Nginx Forum:
Hello!
On Tue, Feb 08, 2011 at 09:05:44AM -0500, HajoLOcke wrote:
header(“Auth-User: myusername”);
what else is needed?
nginx doesn’t attempt authentication against SMTP backends. You
have to allow unauthenticated access from nginx on your SMTP
backends.
i have 2 more questions.
how to provide a basic log for mail-proxying? i only got server-errorlog
to work.
That’s the only logging available.
i read that nginx in smtp-proxy mode wants to do the complete auth-stuff
and needs an “open” smtp-engine behind. This is not what i like. I would
like that nginx is just transfering sessions to assigned host and let
the real smtp-engine(postfix) let do the auth stuff. with pop/imap proxy
ngingx is working like this but not with smtp. is this possible with
nginx?
No.
Maxim D.
Hello,
nginx doesn’t attempt authentication against SMTP backends. You
have to allow unauthenticated access from nginx on your SMTP
backends.
ok, i thinking about this…
but there must be a error in my response from auth-server, because not
postfix is rejecting mail but nginx is with internal error message.
postfix only says:
lost connection after XCLIENT from localhost[127.0.0.1]
what could be wrong? is there an additional header-line required?
Thanks,
Hajo
Posted at Nginx Forum:
Hello,
It’s Postfix who refused to talk to nginx, note “upstream sent
invalid response: “550 5.7.0 Error: insufficient authorization””
in your nginx log.
ahh, ok i see.
with xclient off and nginx-ip in trusted nets i can send mails now.
with xclient on i get: Bad XCLIENT attribute name: LOGIN
(older postfix)
i seems that xclient string is not configurable… ok, just for
tests…
in my case it would really the best way if nginx would just do the
proxying without doing auth stuff. but i think this is not even
planned.
Thanks,
Hajo
Posted at Nginx Forum:
Hello!
On Tue, Feb 08, 2011 at 11:09:08AM -0500, HajoLOcke wrote:
tests…
Using xclient requires postfix patch from here (in Russian):
http://www.citrin.ru/nginx:xclient-login-patch
Maxim D.
Hello!
On Tue, Feb 08, 2011 at 09:46:55AM -0500, HajoLOcke wrote:
nginx doesn’t attempt authentication against SMTP backends. You
have to allow unauthenticated access from nginx on your SMTP
backends.
ok, i thinking about this…
but there must be a error in my response from auth-server, because not
postfix is rejecting mail but nginx is with internal error message.
postfix only says:
lost connection after XCLIENT from localhost[127.0.0.1]
what could be wrong? is there an additional header-line required?
It’s Postfix who refused to talk to nginx, note “upstream sent
invalid response: “550 5.7.0 Error: insufficient authorization””
in your nginx log.
As you don’t have proxy_pass_error_message in your config - this
results in “451 4.3.2 Internal server error” returned by nginx.
Maxim D.