Welcome! Log In Create A New Profile

Advanced

Re: Configuring nginx as mail proxy

Laurent Bonetto
October 24, 2012 05:40PM
Hi Maxim,

Thank you for sticking with me on this. I appreciate very much.

I did understand you meant to change the number of worker_connections. The only reason why I had lowered it was that I got a warning:
nginx: [warn] 1024 worker_connections exceed open file resource limit: 256

After pointing my mail client to localhost, I was finally able to see nginx hit my mock for an authentication request so there is definitely some progress! Unfortunately, the proxying is still not working. More precisely:

nginx hits my authenticate mock server with:
Host: localhost
Auth-User: <my user name>
Auth-Pass: <my password>
Auth-Protocol: pop3
Auth-Login-Attempt: 1
Client-IP: 192.168.1.104
- If my mock responds with
< HTTP/1.1 200 OK
< Content-Type: text/html
< Auth-Status: Invalid login or password
< Auth-Wait: 3
< Content-Length: 0
Then my mail client tells me that I have the incorrect username or password, as expected.

- However, if my mock responds with:
< Auth-Status: OK
< Auth-Server: <my mail server>
< Auth-Port: 110
The the mail client responds with an internal server error.
I added the Auth-Pass (which should not be needed anyway) in the response and that didn't help.


Since I didn't see any error in the error.log from nginx I used wireshark to monitor traffic. I filtered on tcp.port eq 110 and compared side by side the traffic coming from an account using a direct connection to my mail server, and an account going through the nginx proxy. In the second case (through proxy), I do not see any traffic going out to my mail server, suggesting it does not get the info it was expecting from my authentication service.

- Can you think of something I am missing?
- How do I even go about debugging what's happening here apart from what I am already doing (using wireshark)?

Again, for info, here is my current config:


worker_processes 1;

error_log /var/log/nginx/error.log info;

events {
worker_connections 1024;
}

mail {
# I assume server_name comes from Auth-Server so I tried commenting out. Same behavior.
server_name <my mail server>;
auth_http localhost:8080/authorize;

pop3_auth plain;
pop3_capabilities "TOP" "USER" "UIDL";

smtp_auth login plain cram-md5;
smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN;

xclient off;

server {
listen 2525;
protocol smtp;
}
server {
listen 110;
protocol pop3;
proxy on;
proxy_pass_error_message on;
}
}



On Oct 24, 2012, at 12:26 PM, Maxim Dounin <mdounin@mdounin.ru> wrote:

> Hello!
>
> On Wed, Oct 24, 2012 at 11:49:43AM -0400, Laurent Bonetto wrote:
>
>> Thanks. That was indeed my first issue. I did sudo port edit
>> nginx, added --with-mail to the config options, reinstalled, and
>> now I am passed that error.
>>
>> I then got an error that no events was present so I just added
>> events {
>> worker_connections 1;
>> }
>
> This isn't going to work. With such a low number of worker
> connections nginx won't be able to start worker processes properly
> (unless you have no listening sockets configured).
>
> Try looking into error log, you should see something like:
>
> 2012/10/24 20:17:53 [alert] 58202#0: 1 worker_connections are not enough
> 2012/10/24 20:17:53 [notice] 58201#0: signal 20 (SIGCHLD) received
> 2012/10/24 20:17:53 [notice] 58201#0: worker process 58202 exited with code 2
> 2012/10/24 20:17:53 [alert] 58201#0: worker process 58202 exited with fatal code 2 and cannot be respawned
>
> You have to set worker_processes to something reasonable.
> Something like 512 as by default is usually a good choice for a
> small test server.
>
>> Now nginx is starting but I never see any hit to my mock service
>> despite it being specified in auth_http
>> auth_http http://localhost:8080/authorize;
>> No errors reported in the error log.
>>
>> When is nginx expected to hit the url specified in nginx? When
>> it gets launched? When an event occurs on the ports 110 and 2525
>> with the protocols I specified?
>
> The auth service is requested when nginx needs to authenticate a
> client and to find out a backend server address to proxy the
> client to.
>
> --
> Maxim Dounin
> http://nginx.com/support.html
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Configuring nginx as mail proxy

Laurent Bonetto October 24, 2012 10:30AM

Re: Configuring nginx as mail proxy

Anton Yuzhaninov October 24, 2012 10:42AM

Re: Configuring nginx as mail proxy

Maxim Dounin October 24, 2012 10:54AM

Re: Configuring nginx as mail proxy

Laurent Bonetto October 24, 2012 11:52AM

Re: Configuring nginx as mail proxy

Maxim Dounin October 24, 2012 12:28PM

Re: Configuring nginx as mail proxy

Maxim Dounin October 24, 2012 12:38PM

Re: Configuring nginx as mail proxy

Laurent Bonetto October 24, 2012 05:40PM

Re: Configuring nginx as mail proxy

Maxim Dounin October 24, 2012 06:56PM

Re: Configuring nginx as mail proxy

Laurent Bonetto October 24, 2012 09:36PM

Re: Configuring nginx as mail proxy

Yanfeng L. November 01, 2012 06:46AM

Re: Configuring nginx as mail proxy

useopenid November 02, 2012 08:11PM

Re: Configuring nginx as mail proxy

dukzcry February 24, 2014 02:11PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 65
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready