Dear all, For pop and imap its pretty clear and I have documented on the wiki. Can someone please state a short example on how nginx smtp proxy works with a smtp server. The documentation on this is very sparse, If you can forward me to the right direction, I will write myself the documentation on the wiki. Withougt authenticatin (MX) * Is it possible to mutiplex to different real smtp servers (If not, its fine, LVS can do that job) * Is is possible to do something with the header before forwarding the request to the real smtp sever. (How can real smtp server do RBL checks if the IP address is local) * What can nginx do before sending the connection the the smtp server (Can it change/add some headers, can in pass the mail through a filter)? With Authentication Same questions as above. A short example (even in pseudo code) will be very helpful. What to look out on the real smtp server? Does the actual IP goes to the real smtp server? etc thanks and best regards -- Atif Ghaffar
on 2009-04-03 22:27
on 2009-04-03 23:58
Atif Ghaffar wrote: > > Withougt authenticatin (MX) > > * Is it possible to mutiplex to different real smtp servers (If not, its > fine, LVS can do that job) Nginx send request by http to defined in config server and this server can return ip of differend upstreams. So load balancing can be done by this "auth" server. > > * Is is possible to do something with the header before forwarding the > request to the real smtp sever. (How can real smtp server do RBL checks > if the IP address is local) Nginx can say to real smtp server about client's ip via XCLIENT command: http://www.postfix.org/XCLIENT_README.html xclient also can be used with patched exim: http://cebka.pp.ru/blog/patch-exim-xclient Also RBL check can be performed by nginx+http server. Example of such server is: http://cebka.pp.ru/hg/nginx-smtp-policy (works with pathed libevent: http://cebka.pp.ru/blog/libevent_txt.patch) > > * What can nginx do before sending the connection the the smtp server > (Can it change/add some headers, can in pass the mail through a filter)? No, nginx can't change message. > > > With Authentication > Same questions as above. A short example (even in pseudo code) will be > very helpful. Auth server works as for pop3/smtp. Additional header in response can be added for bad replays - Auth-Status - it used as smtp error code. May be the main reason to use nginx as smtp auth proxy - to share auth server with pop3/imap. > > What to look out on the real smtp server? > Does the actual IP goes to the real smtp server? > MTA can know client's IP also from XCLIENT command.
on 2009-04-04 00:10
Anton, Thanks for your replies, They are most useful (and you will be credited in the wiki entry) Let me try these now and come back to you. best regards
on 2009-04-04 22:07
Anton, If I correctly undrestood, 1. nginx as smtp proxy is useful when using smtp auth. (to dispatch to different backends) 2. nginx as smtp proxy is useful when not using smtp auth. (to do ip based checks) please confirm. thanks and best regards -- Atif
on 2009-04-04 23:40
Atif Ghaffar wrote: > If I correctly undrestood, > > 1. nginx as smtp proxy is useful when using smtp auth. (to dispatch to > different backends) IMHO nginx as smtp proxy with auth useful only to reuse auth server created for pop/imap proxy. For pop3/imap nginx need for proxing different users to different backend (where mail stored). In smtp message can be send via random server. nginx can be used for load balancing between different servers with MTA, but for load-balancing only better to use something like IPVS (in Linux) or pf (in BSD). > 2. nginx as smtp proxy is useful when not using smtp auth. (to do ip > based checks) Without auth (incoming mail) nginx can be used to save resources if only ip not in RBL proxied to servers with MTA. But I don't know is current nginx version used anywhere in production as smtp proxy without auth. IMHO it not ready for production, because of lack smtp pipelining support. Some MTA (probably some sendmail versions/configs) have bad habit to use pipelining even if it support not adversed in EHLO reply.
on 2009-04-05 01:48
Hello! On Sun, Apr 05, 2009 at 01:30:34AM +0400, Anton Yuzhaninov wrote: > > nginx can be used for load balancing between different servers with MTA, > but for load-balancing only better to use something like IPVS (in Linux) > or pf (in BSD). No, you are somewhat wrong here. As smtp proxy with auth nginx is really very usefull to move load away from traditional process-per-connection smtp servers (until user is authenticated). This saves lots of resources when you have many invalid connections (e.g. initiated by malware, bruteforce attacks etc.). This may not be an issue unless you run big mail server though. > not adversed in EHLO reply. Yes. Support for smtp pipelining may be found here: http://mdounin.ru/hg/nginx-mail Maxim Dounin
on 2009-04-22 09:40
Does anyone have a example config of SMTP without Auth they could post in this thread? I am just trying to get going a SMTP Relay Proxy to a internal MTAs from external connections. Or could please point me in the correct direction. Cheers Posted at Nginx Forum: http://forum.nginx.org/read.php?2,786,1267#msg-1267