On Fri, Jul 03, 2020 at 08:38:09AM -0400, siva.pannier wrote:

Hi there,

> My understanding from your suggestions is that you do not want me to make
> any corrections on the client code. I just need to make corrections on the
> Nginx configuration as per the blog link.

Not quite, no.

You need to know which of the smtp-involving-ssl protocols you want your client to speak. You need to know which of the smtp-involving-ssl protocols your upstream server speaks. Then you decide how (and whether) to configure nginx to translate between the two.

From your report, your client already works with nginx using stream{} and no ssl, because your client uses smtp+starttls and your upstream server uses smtp+starttls. So maybe there is nothing that you need to change.

> I am trying to understand that blog, going through again and again. So far I
> understand that it creates a SSL layer first through which it accepts the
> client request.

Maybe. That document describes multiple possible ways of configuring things. You will want to use exactly one way.

If you use the nginx mail{} with "ssl on", then what you suggest is correct. If you do not use "ssl on", then it is not correct.

> Client should point to my proxy host and one of the ports
> listed under "mail{... }". Proxy server identifies the upstream host based
> on the username came from the client request. Then the call is routed to
> actual upstream host based on the port. Please correct me if I am wrong
> anywhere.

When nginx is configured to proxy a message to an upstream server, it needs to know which upstream server to talk to.

If you use nginx stream{}, you configure the upstream using proxy_pass.

If you use nginx mail{}, as this document does, you configure the upstream indirectly using auth_http. auth_http refers to a http url that is expected to return an indication of which server:port the connection should be proxied to. How it does that is up to you to write -- maybe it differs per user and per port; maybe it always gives the same response.

> My questions are
> 1) Significance of this line "auth_http
> localhost:9000/cgi-bin/nginxauth.cgi;" is just to have my own authorization
> logic and return the valid upstream server host based on the username. Is it
> correct?

http://nginx.org/r/auth_http

> 2) I want to know what does this mean "smtp_auth login plain cram-md5;".
> Does the connection to actual upstream happen here?

http://nginx.org/r/smtp_auth

The connection to upstream cannot happen until after nginx knows which upstream to connect to. And that comes from the auth_http response. The auth_http request includes the details provided by the client in response to the smtp_auth "challenge".

> Please help me on this and also share links supporting the above
> configuration.

There is a lot of information at http://nginx.org/en/docs/

The "ngx_mail_*" modules are grouped together.

For a lot of this, if the documentation is unclear, you may be better off building a test system and seeing what happens when you try things. If that results in the unclear documentation being made clear, that is good.

Good luck with it,

	f
-- 
Francis Daly        fran...@daoine.org
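An added example, not part of the original message or of nginx itself: a minimal auth_http responder of the kind the reply describes, which checks the credentials nginx forwards and answers with the upstream server:port for that user. The `Auth-*` header names follow nginx's ngx_mail_auth_http_module protocol; the user table, passwords, salt and upstream addresses are constructed sample values, and only SMTP with LOGIN/PLAIN is handled.

```python
import hashlib
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import unquote


def _digest(password: str) -> bytes:
    # Constructed fixed salt and iteration count, for the sample table only.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)


# Constructed sample data: user -> (password digest, upstream IP, upstream port).
# Auth-Server must be an IP address; nginx does not resolve hostnames here.
USERS = {
    "alice@example.com": (_digest("constructed-pw-1"), "192.0.2.10", 25),
    "bob@example.com": (_digest("constructed-pw-2"), "192.0.2.20", 25),
}
DENY = {"Auth-Status": "Invalid login or password", "Auth-Wait": "3"}


def decide(headers) -> dict:
    """Turn the Auth-* request headers from nginx into response headers."""
    if headers.get("Auth-Protocol") != "smtp" or headers.get("Auth-Method") != "plain":
        return dict(DENY)  # this example handles SMTP with LOGIN/PLAIN only
    # nginx percent-encodes some characters in these two headers.
    user = unquote(headers.get("Auth-User", ""))
    password = unquote(headers.get("Auth-Pass", ""))
    known = USERS.get(user)
    # Always compute a digest so unknown users take the same time as known ones.
    expected = known[0] if known else _digest("")
    if not hmac.compare_digest(_digest(password), expected) or known is None:
        return dict(DENY)
    return {"Auth-Status": "OK", "Auth-Server": known[1], "Auth-Port": str(known[2])}


class AuthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)  # the verdict is carried in headers, not the status
        for name, value in decide(self.headers).items():
            self.send_header(name, value)
        self.end_headers()

    def log_message(self, fmt, *args):
        pass  # silence the default per-request stderr logging


if __name__ == "__main__":
    # Port matches the "auth_http localhost:9000/..." line quoted above; loopback only.
    HTTPServer(("127.0.0.1", 9000), AuthHandler).serve_forever()
```
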