Dear all,
I am by no means an experienced nginx user, but I have nginx working for
HTTP & IMAP and am now trying to add SMTP to the mix.
I require authentication for the SMTP server and am experiencing a
problem in that the first AUTH command that comes from the client does
not get passed through to the server by nginx; only the second one does.
Here is a telnet session to illustrate (an email client like Thunderbird
would of course not send the second AUTH command):
telnet aurichvm04 465
Trying 192.168.1.154…
Connected to aurichvm04.ostfriesland.
Escape character is ‘^]’.
220 aurichvm04 ESMTP ready
AUTH PLAIN <base64 encoded user & password>
235 2.0.0 OK
AUTH PLAIN <base64 encoded user & password>
235 2.7.0 Authentication successful
According to wireshark, rather than sending the AUTH command the first
time, nginx just sends a HELO command. The second time the AUTH command
is issued by the client, nginx passes it through (as I would expect it
to do the first time round).
I include my nginx.conf and sites-availabe/default below. I am using the
current Debian unstable package (0.7.65-1). My server is Postfix.
I few notes on the config:
- I am using a trivial authentication server.
- I have turned ssl off for test purposes.
- I have turned xclient off because Postfix does not accept the xclient
login attribute. (I don’t believe it is required?)
If you could help that would be great!
Thanks a lot & best regards,
Andree
–8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<–
nginx.conf:
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
access_log /var/log/nginx/access.log;
sendfile on;
keepalive_timeout 65;
tcp_nodelay on;
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
mail {
ssl off;
ssl_certificate
/etc/ssl/certs/aurichvm04.ostfriesland_cert.pem;
ssl_certificate_key
/etc/ssl/private/aurichvm04.ostfriesland_key.pem;
ssl_session_timeout 5m;
server {
listen aurichvm04.ostfriesland:993;
protocol imap;
imap_capabilities "IMAP4rev1" "SORT" "THREAD=REFERENCES"
“MULTIAPPEND” “UNSELECT” “LITERAL+” “IDLE” “CHILDREN” “NAMESPACE”
proxy on;
auth_http 127.0.0.1:9000/auth-imap/;
}
server {
listen aurichvm04.ostfriesland:465;
protocol smtp;
smtp_capabilities "SIZE 10240000" "VRFY" "ETRN"
“ENHANCEDSTATUSCODES” “8BITMIME” “DSN” “AUTH PLAIN LOGIN”
proxy on;
xclient off;
auth_http 127.0.0.1:9000/auth-smtp/;
}
}
–8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<–
sites-available/default:
server {
listen localhost:9000;
access_log /var/log/nginx/localhost_AUTH.access.log;
location = /auth-imap/ {
add_header Auth-Status OK;
add_header Auth-Server 192.168.1.152;
add_header Auth-Port 143;
empty_gif;
}
location = /auth-smtp/ {
add_header Auth-Status OK;
add_header Auth-Server 192.168.1.152;
add_header Auth-Port 25;
empty_gif;
}
}
server {
listen 443;
server_name aurichvm04.ostfriesland;
ssl on;
ssl_certificate
/etc/ssl/certs/aurichvm04.ostfriesland_cert.pem;
ssl_certificate_key
/etc/ssl/private/aurichvm04.ostfriesland_key.pem;
ssl_session_timeout 5m;
access_log
/var/log/nginx/aurichvm04.ostfriesland_HTTPS.access.log;
location / {
proxy_pass http://emden3:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
}
}