Dear all,

I am by no means an experienced nginx user, but I have nginx working for
HTTP & IMAP and am now trying to add SMTP to the mix.

I require authentication for the SMTP server and am experiencing a
problem in that the first AUTH command that comes from the client does
not get passed through to the server by nginx; only the second one does.
Here is a telnet session to illustrate (an email client like Thunderbird
would of course not send the second AUTH command):

> telnet aurichvm04 465
Trying 192.168.1.154...
Connected to aurichvm04.ostfriesland.
Escape character is '^]'.
220 aurichvm04 ESMTP ready
AUTH PLAIN <base64 encoded user & password>
235 2.0.0 OK
AUTH PLAIN <base64 encoded user & password>
235 2.7.0 Authentication successful

According to wireshark, rather than sending the AUTH command the first
time, nginx just sends a HELO command. The second time the AUTH command
is issued by the client, nginx passes it through (as I would expect it
to do the first time round).

I include my nginx.conf and sites-availabe/default below. I am using the
current Debian unstable package (0.7.65-1). My server is Postfix.

I few notes on the config:
- I am using a trivial authentication server.
- I have turned ssl off for test purposes.
- I have turned xclient off because Postfix does not accept the xclient
login attribute. (I don't believe it is required?)

If you could help that would be great!

Thanks a lot & best regards,
Andree


--8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<--
nginx.conf:

user www-data;
worker_processes 1;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;

access_log /var/log/nginx/access.log;

sendfile on;

keepalive_timeout 65;
tcp_nodelay on;

gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

mail {
ssl off;

ssl_certificate /etc/ssl/certs/aurichvm04.ostfriesland_cert.pem;

ssl_certificate_key /etc/ssl/private/aurichvm04.ostfriesland_key.pem;
ssl_session_timeout 5m;

server {
listen aurichvm04.ostfriesland:993;
protocol imap;

imap_capabilities "IMAP4rev1" "SORT" "THREAD=REFERENCES"
"MULTIAPPEND" "UNSELECT" "LITERAL+" "IDLE" "CHILDREN" "NAMESPACE"

proxy on;
auth_http 127.0.0.1:9000/auth-imap/;
}

server {
listen aurichvm04.ostfriesland:465;
protocol smtp;

smtp_capabilities "SIZE 10240000" "VRFY" "ETRN"
"ENHANCEDSTATUSCODES" "8BITMIME" "DSN" "AUTH PLAIN LOGIN"

proxy on;
xclient off;
auth_http 127.0.0.1:9000/auth-smtp/;
}
}


--8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<----8<--
sites-available/default:

server {
listen localhost:9000;

access_log /var/log/nginx/localhost_AUTH.access.log;

location = /auth-imap/ {
add_header Auth-Status OK;
add_header Auth-Server 192.168.1.152;
add_header Auth-Port 143;

empty_gif;
}

location = /auth-smtp/ {
add_header Auth-Status OK;
add_header Auth-Server 192.168.1.152;
add_header Auth-Port 25;

empty_gif;
}
}

server {
listen 443;
server_name aurichvm04.ostfriesland;

ssl on;

ssl_certificate /etc/ssl/certs/aurichvm04.ostfriesland_cert.pem;

ssl_certificate_key /etc/ssl/private/aurichvm04.ostfriesland_key.pem;
ssl_session_timeout 5m;


access_log /var/log/nginx/aurichvm04.ostfriesland_HTTPS.access.log;

location / {
proxy_pass http://emden3:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
}
}
--
Andree Leidenfrost
Sydney - Australia
_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx