> On 9 Mar 2017, at 20:28, Marty Lee <ma...@maui-systems.co.uk> wrote:
>
> Hi,
>
> I’m playing with using Nginx as an IMAP and SMTP proxy for our mail servers,
> as it will help us migrate and horizontally scale. Sorted the Nginx/Cyrus
> stuff out, and can proxy IMAP sessions to multiple back end mail servers.
>
> The problem I'm having, is trying to use a standard mail client to send email,
> and I think there is a high chance I’ve missed some important configuration
> command, or maybe just misunderstood what’s going on - hence this email.
>
> Quick summary:
>
> Postfix on the mail server seems to be ignoring the XCLIENT ‘LOGIN’ passed
> to it via Nginx, and Postfix on the mail server thinks I’m trying to
> relay email, and blocks it.
>
> If I point a mail client at Postfix on the mail server directly, it
> authenticates and then accepts email as per expected, so the authentication
> piece is fine.
>
To answer my own question, and for the benefit of anyone else looking at this problem, the problem was:

    smtpd_tls_auth_only = yes

Nginx makes a connection to Postfix on port 25, and doesn’t start a TLS session, so the SMTP response to EHLO didn’t include any ‘AUTH’ statements.

If I switch things to

    smtpd_tls_auth_only = no

then the AUTH option is presented, and the XCLIENT ‘LOGIN’ value is picked up and used properly.

I don’t want to leave ‘smtpd_tls_auth_only = no’, so I’ll set up an stunnel so that Nginx uses an SSL tunnel to get to Postfix, and Postfix will then offer up AUTH options.

Unless anyone has any other bright ideas that would let me set options for smtpd_tls_auth_only on a per interface/port basis?

Cheers

marty
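The symptom described in the message above can be recognised from the plaintext EHLO reply alone. The following is an added example, not part of the original post: the two EHLO replies are constructed samples, and the function names and result labels are hypothetical.

```python
# Added example: classify an EHLO reply by whether AUTH is advertised.
# Both replies are constructed samples, not captures from the thread.
NO_AUTH_PLAINTEXT = """250-mail.example.test
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-XCLIENT NAME ADDR PROTO HELO REVERSE_NAME PORT LOGIN
250-8BITMIME
250 DSN
"""
WITH_AUTH_PLAINTEXT = NO_AUTH_PLAINTEXT.replace(
    "250-STARTTLS\n", "250-STARTTLS\n250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n")

def parse_ehlo(reply: str) -> dict:
    """Map each EHLO keyword to its parameters (multi-line 250 reply)."""
    ext = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"not a 250 EHLO line: {line!r}")
        if i > 0:  # the first line is the server name, not an extension
            if text.upper().startswith("AUTH="):
                text = text.replace("=", " ", 1)  # legacy "AUTH=..." form
            words = text.upper().split()
            if words:
                ext.setdefault(words[0], []).extend(words[1:])
        if sep == " ":
            break  # "250 " with a space marks the final line
    return ext

def diagnose(reply: str, tls_active: bool = False) -> str:
    ext = parse_ehlo(reply)
    if "AUTH" in ext:
        # AUTH is offered; XCLIENT LOGIN can then carry the proxy's user.
        if "LOGIN" in ext.get("XCLIENT", []):
            return "auth-offered-xclient-login"
        return "auth-offered"
    if not tls_active and "STARTTLS" in ext:
        # Consistent with smtpd_tls_auth_only = yes (not proof: SASL may
        # simply be disabled on this listener).
        return "no-auth-before-tls"
    return "auth-not-offered"

if __name__ == "__main__":
    print(diagnose(NO_AUTH_PLAINTEXT))    # the case the post ran into
    print(diagnose(WITH_AUTH_PLAINTEXT))  # after AUTH is advertised
```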