Forum: NGINX nginx imaps auth_http dovecot

Abda93e9b12e91132a7ba1839e167909?d=identicon&s=25 Alokat (Guest)
on 2011-03-06 22:25
(Received via mailing list)
Hi,

I'm not sure, what I have to use as an URL for auth_http?
Cause Dovecot uses a postgresql database.

My Config:

mail {
   auth_http  localhost:9000/cgi-bin/auth;

   imap_auth  cram-md5;
   smtp_auth cram-md5;
   imap_capabilities "IMAP4rev1" "UIDPLUS";
   proxy on;

   server {
     listen imap.server.org:993;
     server_name imap.server01.org;
     ssl      on;
     ssl_certificate      /usr/local/nginx/ssl/imap.pilshusen.de.crt;
     ssl_certificate_key  /usr/local/nginx/ssl/imap.pilshusen.de.key;
#    ssl_session_timeout  5m;
#    ssl_protocols  SSLv2 SSLv3 TLSv1;
#    ssl_ciphers
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#    ssl_prefer_server_ciphers   on;
     protocol imap;
   }
}


And I got the following error:

2011/03/06 22:17:17 [error] 1564#0: *8 recv() failed (111: Connection
refused) while in http auth state, client: 188.192.38.254, server:
84.210.211.83:993, login: "user@domain.org"


Regards,
alokat
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2011-03-07 01:16
(Received via mailing list)
Hello!

On Sun, Mar 06, 2011 at 10:22:38PM +0100, Alokat wrote:

> I'm not sure, what I have to use as an URL for auth_http?
> Cause Dovecot uses a postgresql database.

http://wiki.nginx.org/MailAuthModule#auth_http

Maxim Dounin
2974d09ac2541e892966b762aad84943?d=identicon&s=25 moorthi (Guest)
on 2011-04-29 18:41
(Received via mailing list)
hi i want to run nginx for pops
I configured nginx to listen on 995, actual pops is running on 1995(both
on same server, tried on diff servers also still the same error).
if i do openssl s_client -ssl3 -connect  <domain>:1995  authentication
working fine
but if i do openssl s_client -ssl3 -connect  <domain>:995 authentication
is not working, it just hung after entering the password
i'm not using epoll also
plz suggest me

Thanks for patience.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,180902,194493#msg-194493
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2011-04-30 12:58
(Received via mailing list)
Hello!

On Fri, Apr 29, 2011 at 12:41:32PM -0400, moorthi wrote:

> hi i want to run nginx for pops
> I configured nginx to listen on 995, actual pops is running on 1995(both
> on same server, tried on diff servers also still the same error).
> if i do openssl s_client -ssl3 -connect  <domain>:1995  authentication
> working fine
> but if i do openssl s_client -ssl3 -connect  <domain>:995 authentication
> is not working, it just hung after entering the password
> i'm not using epoll also
> plz suggest me

1. You have to setup correct auth_http script.  Assuming you've
already done it.

2. SSL backends isn't supported by nginx mail proxy, you need
non-ssl backend and direct nginx to it.

BTW, looking into error_log usually helps a lot.

Maxim Dounin
2974d09ac2541e892966b762aad84943?d=identicon&s=25 moorthi (Guest)
on 2011-05-02 07:15
(Received via mailing list)
auth_http script and other setttings are done correctly,
this is what i am getting in error.log
upstream timed out (111: Connection timed out) while connecting to
upstream
it's saying +OK for user <username> in connect
but after entering pass <password> it's giving above error.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,180902,194908#msg-194908
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2011-05-02 20:54
(Received via mailing list)
Hello!

On Mon, May 02, 2011 at 01:15:08AM -0400, moorthi wrote:

> auth_http script and other setttings are done correctly,
> this is what i am getting in error.log
> upstream timed out (111: Connection timed out) while connecting to
> upstream

I believe this is clear enough: nginx wasn't able to connect to
upstream (backend) server.  Check backend server and port returned
by auth_http script.

> it's saying +OK for user <username> in connect
> but after entering pass <password> it's giving above error.

After PASS command nginx will try to authenticate client with
auth_http script and then connect to upstream (backend) server.
As soon as connection to upstream times out - nginx should return
"-ERR internal server error" in reply to PASS command (if client
is still here).

Maxim Dounin
2974d09ac2541e892966b762aad84943?d=identicon&s=25 moorthi (Guest)
on 2011-05-03 08:10
(Received via mailing list)
auth_http script is working fine if i use pop/imap ports 110/143, if i
use 993/995 it's not working

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,180902,195125#msg-195125
2974d09ac2541e892966b762aad84943?d=identicon&s=25 dukzcry (Guest)
on 2012-05-13 13:40
(Received via mailing list)
Hi, moorthi.

Maxim told you twice that the feature you're asking for is unsupported.
If you really need this functional by some reason, see there:
http://forum.nginx.org/read.php?2,219069,226365#msg-226365 .

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,180902,226367#msg-226367
88c0dae13d60c5a245b6fd5d7da643b3?d=identicon&s=25 Shawn Za (shawn82)
on 2014-04-14 03:37
Does this mean that from the nginx proxy to the backend, the passwords
will fly through the internet wide open if the backend is a remote
machine?

Maxim Dounin wrote in post #995934:

> 2. SSL backends isn't supported by nginx mail proxy, you need
> non-ssl backend and direct nginx to it.
>
> BTW, looking into error_log usually helps a lot.
>
> Maxim Dounin
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2014-04-14 13:05
(Received via mailing list)
Hello!

On Mon, Apr 14, 2014 at 03:37:05AM +0200, Shawn Za wrote:

> Does this mean that from the nginx proxy to the backend, the passwords
> will fly through the internet wide open if the backend is a remote
> machine?

Nobody stops you from providing secure network in-between, e.g.
with ipsec or ssl tunnel.

--
Maxim Dounin
http://nginx.org/
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.