Module ngx_mail_proxy_module

Directives

proxy_buffer 4k|8k;

Sets size of the buffer used for proxying. The buffer size is equal to one memory page by default. Depending on a platform, this is either 4K or 8K.

proxy_pass_error_message off;

Defines whether to pass the error message obtained during an authentication on the backend to the client.

Usually, if the authentication in nginx was successful, backend can’t return an error, but if it nonetheless exists, this means there is some problem inside. In such cases the backend message can contain the information that should not be shown to the client. However responding with an error for the correct password is a normal behavior of some POP3 servers. For example, CommuniGatePro informs user about mailbox overflow or other events by periodically outputting the authentication error. The directive should be enabled in this case.

proxy_timeout 24h;

Defines a timeout used after the proxying to the backend had started.

xclient on;

Enables or disables issuing of the XCLIENT command upon the connection to the SMTP backend. For the XCLIENT command to work it is required to have Postfix with the patch, which adds the LOGIN parameter. If the XCLIENT command is not used, the MTA will be unable to write the client’s IP/HELO/LOGIN to the log and apply various limitations based on this data.

If the xclient is enabled, then upon a backend connection nginx first issues

EHLO server_name

and then

XCLIENT PROTO=ESMTP HELO=client_hello ADDR=192.168.1.1 LOGIN=good_user NAME=[UNAVAILABLE]

If the client upon a connection to nginx issued the EHLO, then the XCLIENT command will pass the PROTO=ESMTP. Otherwise, PROTO=SMTP will be passed. The IP address of a client is specified in the ADDR parameter, and since nginx does not use DNS to resolve the hostname, the NAME=[UNAVAILABLE] is specified.

If the xclient is disabled, then the EHLO is issued upon the connection to the backend if the client had passed it and the HELO otherwise.