imwack
Nginx mail proxy
March 21, 2015 05:40AM
I want to use nginx as a mail proxy.I am new to nginx and need some help
with the configuration, I got some problems.
I want to use Foxmail ,use ngx proxy , this is my configuration.
mail{
#server_name mailProxy;
auth_http localhost:80/php/auth.php;

pop3_capabilities LAST TOP USER PIPELINING UIDL;
pop3_auth plain apop cram-md5;
imap_capabilities IMAP4rev1 UIDPLUS;
smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN;
smtp_auth login plain cram-md5;

server{
listen 25;
protocol smtp;
}
server{
listen 110;
protocol pop3;
proxy on;
proxy_pass_error_message on;
}

server{
listen 143;
protocol imap;
proxy on;
}
}
and my auth script using PHP as follow:
<?php
/*
Nginx sends headers as
Auth-User: user
Auth-Pass: password
In php see as HTTP_AUTH_USER HTTP_AUTH_PASS
*/


if(!isset($_SERVER["HTTP_AUTH_USER"]) ||
!isset($_SERVER["HTTP_AUTH_PASS"])){
fail();
}
$uname = $_SERVER["HTTP_AUTH_USER"];
$upass = $_SERVER["HTTP_AUTH_PASS"];
$protocol = $_SERVER["HTTP_AUTH_PROTOCOL"];

$backend_prot = 110;
if($protocol=="imap"){
$backend_prot = 143;
}
if($protocol=="smtp"){
$backend_prot = 25;
}


$backend_ip = "*.*.*.*"; //backend ip

//auth
if(!authuser($uname,$upass)){
fail();
exit;
}

$server_ip = $backend_ip;

pass($server_ip,$backend_prot);

function authuser($user,$pass){
//auth
return true;
}
function fail(){
header("Auth-Status:failed");
exit;
}
function pass($server,$port){
header("Auth-Status:OK");
header("Auth-Server:$server");
header("Auth-Port:$port");
exit;
}

?>

But this does not run,when i use telnet test,as follow
telnet 192.168.42.132 25
Trying 192.168.42.132...
Connected to 192.168.42.132.
Escape character is '^]'.
220 wack ESMTP ready
auth login
334 VXNlcm5hbWU6
base64(username==)
334 UGFzc3dvcmQ6
base64(password)
451 4.3.2 Internal server error
Connection closed by foreign host.

what's wrong ,and the error log as follow:

2015/03/21 12:35:39 [error] 55719#0: *151 upstream sent invalid response:
"550 insufficient authorization" while reading response from upstream,
client: 192.168.42.132, server: 0.0.0.0:25, login: "***@**.**.cn",
upstream:***.***.***.***:25

The '*' is my username and backend ip. 192.168.42.132 is my vitual machine
ip.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257510,257510#msg-257510

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Maxim Dounin
Re: Nginx mail proxy
March 21, 2015 03:40PM
Hello!

On Sat, Mar 21, 2015 at 12:37:40AM -0400, imwack wrote:

> I want to use nginx as a mail proxy.I am new to nginx and need some help
> with the configuration, I got some problems.
> I want to use Foxmail ,use ngx proxy , this is my configuration.

[...]

> But this does not run,when i use telnet test,as follow
> telnet 192.168.42.132 25
> Trying 192.168.42.132...
> Connected to 192.168.42.132.
> Escape character is '^]'.
> 220 wack ESMTP ready
> auth login
> 334 VXNlcm5hbWU6
> base64(username==)
> 334 UGFzc3dvcmQ6
> base64(password)
> 451 4.3.2 Internal server error
> Connection closed by foreign host.
>
> what's wrong ,and the error log as follow:
>
> 2015/03/21 12:35:39 [error] 55719#0: *151 upstream sent invalid response:
> "550 insufficient authorization" while reading response from upstream,
> client: 192.168.42.132, server: 0.0.0.0:25, login: "***@**.**.cn",
> upstream:***.***.***.***:25
>
> The '*' is my username and backend ip. 192.168.42.132 is my vitual machine
> ip.

When using SMTP, nginx won't try to do any authentication against
the backend server, but rather will use XCLIENT command to pass
user credentials, see http://nginx.org/r/xclient. You have to
instruct your SMTP backend to accept XCLIENT from nginx. When
using Postfix, this can be done with
smtpd_authorized_xclient_hosts:

http://www.postfix.org/postconf.5.html#smtpd_authorized_xclient_hosts

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
imwack
Re: Nginx mail proxy
March 22, 2015 05:20AM
The SMTP backend is not mine, I use gmail or something else, what should i
do? Just : "xclient on;" ?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257510,257534#msg-257534

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Maxim Dounin
Re: Nginx mail proxy
March 22, 2015 11:50AM
Hello!

On Sun, Mar 22, 2015 at 12:17:07AM -0400, imwack wrote:

> The SMTP backend is not mine, I use gmail or something else, what should i
> do? Just : "xclient on;" ?

If the backend isn't your, then nginx mail proxy is a wrong thing
to use.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
peanky
Re: Nginx mail proxy
March 01, 2018 12:00PM
Why using nginx with not my smtp is wrong way?
PS: I see the date ot topic, but this time I try to solve the same problem.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,257510,278855#msg-278855

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Maxim Dounin
Re: Nginx mail proxy
March 01, 2018 02:40PM
Hello!

On Thu, Mar 01, 2018 at 05:55:10AM -0500, peanky wrote:

> Why using nginx with not my smtp is wrong way?
> PS: I see the date ot topic, but this time I try to solve the same problem.

Bacause nginx smtp proxy is designed to protect / balance your own
smtp backends. If you want to proxy to external smtp servers,
consider using other solutions.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
peanky
Re: Nginx mail proxy
March 02, 2018 04:00PM
> Bacause nginx smtp proxy is designed to protect / balance your own
> smtp backends. If you want to proxy to external smtp servers,
> consider using other solutions.

Thank you for answer!
1. what is the diff between "my smtp" and "3rd party smtp" from technical
point of view?
2. which other solutions can you imagine? It's very interesting!
3. I've heared that "nginx mail module supports only non-ssl backeds". It's
true?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,257510,278897#msg-278897

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Maxim Dounin
Re: Nginx mail proxy
March 02, 2018 05:30PM
Hello!

On Fri, Mar 02, 2018 at 09:54:31AM -0500, peanky wrote:

> > Bacause nginx smtp proxy is designed to protect / balance your own
> > smtp backends. If you want to proxy to external smtp servers,
> > consider using other solutions.
>
> Thank you for answer!
> 1. what is the diff between "my smtp" and "3rd party smtp" from technical
> point of view?

The difference is assumptions made during development, and
solutions implemented according to these assumptions. Most
obvious ones are, as already mentioned in this thread:

- you don't need to bother with authenticating to a backend, but
can use XCLIENT instead;

- you don't need to use SSL to your backends, and can assume
secure internal network instead.

Others include various protocol limitations when it comes to
talking to backends (some exotic yet valid responses might not be
recognized properly), and lack of various negotiations - e.g.,
SMTP pipelining must be supported by the backend if you list it in
the smtp_capabilities.

> 2. which other solutions can you imagine? It's very interesting!

This depends on what you are trying to do. In some basic cases a
TCP proxy as provided by the nginx stream module might do the
trick. In some other - a properly configured SMTP server will be
enough.

> 3. I've heared that "nginx mail module supports only non-ssl backeds". It's
> true?

Yes.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
peanky
Re: Nginx mail proxy
March 06, 2018 09:00AM
Thx, Maxim!
Closed.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,257510,278936#msg-278936

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login