Forum: NGINX Config Mail Proxy for POP3/SMTP microsoft exchange

2974d09ac2541e892966b762aad84943?d=identicon&s=25 hcmnttan (Guest)
on 2013-10-16 09:44
(Received via mailing list)
Hi there,

Is NGINX support Microsoft Exchange POP3 / SMTP ???
If yes, can anyone help me to config NGINX as reverse proxy for MS
Exchange.

Followed the link : http://wiki.nginx.org/ImapProxyExample  but I could
still dont understand where to put the IP POP3/IMAP target server's IP

Many thanks.
Tan

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,243743,243743#msg-243743
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2013-10-16 12:48
(Received via mailing list)
Hello!

On Wed, Oct 16, 2013 at 03:43:53AM -0400, hcmnttan wrote:

> Hi there,
>
> Is NGINX support Microsoft Exchange POP3 / SMTP ???
> If yes, can anyone help me to config NGINX as reverse proxy for MS Exchange.
>
> Followed the link : http://wiki.nginx.org/ImapProxyExample  but I could
> still dont understand where to put the IP POP3/IMAP target server's IP

Backend server IP address should be returned by auth_http in the
Auth-Server header.  See authentication protocol description here:

http://nginx.org/en/docs/mail/ngx_mail_auth_http_m...

--
Maxim Dounin
http://nginx.org/en/donation.html
2974d09ac2541e892966b762aad84943?d=identicon&s=25 hcmnttan (Guest)
on 2013-10-17 04:42
(Received via mailing list)
Thanks for your respond.
So we must 1st setup an HTTP authentication server (PHP or something )
for
auth_http, right ?
Could you tell me a little more how to setup this HTTP authen URL ?

In my example:
     NGINX server IP            : 192.168.1.100
     POP3 / SMTP server IP : 192.168.1.101

Thanks.
Tan

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,243743,243780#msg-243780
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2013-10-17 11:07
(Received via mailing list)
Hello!

On Wed, Oct 16, 2013 at 10:42:24PM -0400, hcmnttan wrote:

> Thanks for your respond.
> So we must 1st setup an HTTP authentication server (PHP or something ) for
> auth_http, right ?

Yes.

> Could you tell me a little more how to setup this HTTP authen URL ?
>
> In my example:
>      NGINX server IP            : 192.168.1.100
>      POP3 / SMTP server IP : 192.168.1.101

There were couple of examples here:

http://wiki.nginx.org/Configuration#Mail_examples

--
Maxim Dounin
http://nginx.org/en/donation.html
2974d09ac2541e892966b762aad84943?d=identicon&s=25 hcmnttan (Guest)
on 2013-10-17 11:56
(Received via mailing list)
I found that link before,
Things I wonder is that where  "localhost:9000/cgi-bin/auth;" is coming
from? Is it a http URL ?

I don't know how to define "localhost:9000/cgi-bin/auth" URL for
auth_http
Sorry if my question is so silly. I'm very new to NGINX.

Thanks

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,243743,243787#msg-243787
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2013-10-17 14:04
(Received via mailing list)
Hello!

On Thu, Oct 17, 2013 at 05:55:46AM -0400, hcmnttan wrote:

> I found that link before,
> Things I wonder is that where  "localhost:9000/cgi-bin/auth;" is coming
> from? Is it a http URL ?
>
> I don't know how to define "localhost:9000/cgi-bin/auth" URL for auth_http
> Sorry if my question is so silly. I'm very new to NGINX.

It's an auth http script URL - it's a script you are expected to
write to check passwords/return appropriate backends in your
system.  Try looking at other configuration examples at the link
provided to see complete examples with some simple auth scripts
included.

--
Maxim Dounin
http://nginx.org/en/donation.html
2974d09ac2541e892966b762aad84943?d=identicon&s=25 hcmnttan (Guest)
on 2013-10-19 11:37
(Received via mailing list)
Thanks Max,

I could config NGINX work for POP3,
But in SMTP, I just could do auth login only, when send a test email, an
error message appear ( using telnet )
--------------------------------------------------
telnet 192.168.1.15 25

220 mailproxy ESMTP ready
auth login
334 VXNlcm5hbWU6
xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
334 UGFzc3dvcmQ6
xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
235 2.0.0 OK
mail from: nt.tan@abc.com.vn
250 2.1.0 Sender OK
rcpt to: nt.tan@abc.com.vn
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
subject: Test mail
test
.
550 5.7.1 Client does not have permissions to send as this sender
--------------------------------------------------

I could do a test telnet from nginx to backend SMTP server. Could you
help
??
Below is my config file


--------------------------------------------------
nginx.conf

user  nobody;
worker_processes  1;
error_log  logs/error.log  info;
pid        run/nginx.pid;

events {
  worker_connections  1024;
  multi_accept on;
}

http {
  perl_modules  perl/lib;
  perl_require  mailauth.pm;

  server {
    location /auth {
      perl  mailauth::handler;
    }
  }
}

mail {
  auth_http  127.0.0.1:80/auth;

  pop3_capabilities  "TOP"  "USER";
  smtp_capabilities "PIPELINING" "SIZE 10240000" "VRFY" "ETRN"
"ENHANCEDSTATUSCODES" "8BITMIME" "DSN";
  smtp_auth LOGIN ;
  xclient off;

  server {
    listen     110;
    protocol   pop3;
    proxy      on;
  }

  server {
    listen 25;
    protocol smtp;
    proxy on;
  }
}
--------------------------------------------------

mailauth.pm

package mailauth;
use nginx;

our $auth_ok;
our $protocol_ports={};
$cas="172.16.3.22";
$protocol_ports->{'pop3'}=110;
$protocol_ports->{'smtp'}=25;

sub handler {
    my $r = shift;
        $r->header_out("Auth-Status", "OK") ;
        $r->header_out("Auth-Server", $cas );
        $r->header_out("Auth-Port",
$protocol_ports->{$r->header_in("Auth-Protocol")});
        $r->send_http_header("text/html");
            return OK;
}
1;
__END__
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2013-10-19 12:05
(Received via mailing list)
Hello!

On Sat, Oct 19, 2013 at 05:36:54AM -0400, hcmnttan wrote:

> 334 VXNlcm5hbWU6
> subject: Test mail
> test
> .
> 550 5.7.1 Client does not have permissions to send as this sender
> --------------------------------------------------
>
> I could do a test telnet from nginx to backend SMTP server. Could you help
> ??
> Below is my config file

It's an error from your backend server.  Please note that nginx
doesn't try to authenticate against SMTP backends.  Instead, it
uses xclient to pass username to a backend, but in your config
it's switched off.

--
Maxim Dounin
http://nginx.org/en/donation.html
2974d09ac2541e892966b762aad84943?d=identicon&s=25 hcmnttan (Guest)
on 2013-10-21 04:31
(Received via mailing list)
Thanks,
It works for me now.
The error "550 5.7.1 Client does not have permissions to send as this
sender" is because our SMTP back-end did not accept SMTP relay from
NGINX.
Configure SMTP backend allow NGINX relay fix my error.

I used xclient-> on, when I try to auth login, SMTP backend return error
with code "500 5.3.3 Unrecognized command" like my SMTP does not support
xclient ( I guess)

Thanks
Tan

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,243743,243879#msg-243879
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.