Hello! On Tue, Sep 19, 2023 at 12:28:49PM +0200, Arnout Engelen wrote:
> # HG changeset patch > # User Arnout Engelen <arn...@bzzt.net> > # Date 1695027670 -7200 > # Mon Sep 18 11:01:10 2023 +0200 > # Node ID 9606e589b9537495c0457383048ac6888be0e7b4 > # Parent daf8f5ba23d8e9955b22782d945f9c065f4b6baa > Mail: allow auth to the proxy without auth to the backend > > Currently, when the client authenticates itself to the nginx > mail proxy, the mail proxy also authenticates itself to the > backend. > > I encountered a situation where I wanted the proxy to require > authentication, and forward the mail to a (local/firewalled) > mailserver that does not have authentication configured. I > created the patch below to support that. > > I'm providing this patch primarily for feedback at this point: > while it does work for my scenario and pass the nginx-tests, > it likely needs additional cleanup and testing. I'd like your > thoughs on whether this change makes sense in the first place, > and whether this is generally a reasonable approach - if so I'll > clean up the patch further. > > My approach is to allow the authentication server to return a > 'Auth-Method: none' header, in which case the proxy will not > attempt to authenticate to the backend but instead wait for > the 'MAIL FROM' from the client. > > You'll notice I've added a 'proxy_auth_method'. The reason I didn't > overwrite 'auth_method' is that 'auth_method' is also used to determine > whether to confirm the authentication to the client. Is that acceptable > from a binary compatibility perspective? > > Looking forward to hearing your thoughts! From the description it is not clear why "proxy_smtp_auth off;" (which is the default and implies that nginx won't try to authenticate against SMTP backends) does not work for you. Could you please elaborate? [...] -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
