1
<?xml version="1.0"?>
2

3
<!--
4
  Copyright (C) 2006, 2007 Anton Yuzhaninov
5
  Copyright (C) Nginx, Inc.
6
  -->
7

8
<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
9

10
<module name="Module ngx_mail_proxy_module"
11
        link="/en/docs/mail/ngx_mail_proxy_module.html"
12
        lang="en"
13
        rev="6">
14

15
<section id="directives" name="Directives">
16

17
<!--
18
<directive name="proxy">
19
<syntax><literal>on</literal> | <literal>off</literal></syntax>
20
<default>off</default>
21
<context>mail</context>
22
<context>server</context>
23

24
<para>
25
Not tested anywhere in the current version.
26
</para>
27

28
</directive>
29
-->
30

31

32
<directive name="proxy_buffer">
33
<syntax><value>size</value></syntax>
34
<default>4k|8k</default>
35
<context>mail</context>
36
<context>server</context>
37

38
<para>
39
Sets the size of the buffer used for proxying.
40
By default, the buffer size is equal to one memory page.
41
Depending on a platform, it is either 4K or 8K.
42
</para>
43

44
</directive>
45

46

47
<directive name="proxy_pass_error_message">
48
<syntax><literal>on</literal> | <literal>off</literal></syntax>
49
<default>off</default>
50
<context>mail</context>
51
<context>server</context>
52

53
<para>
54
Indicates whether to pass the error message obtained during
55
the authentication on the backend to the client.
56
</para>
57

58
<para>
59
Usually, if the authentication in nginx is a success,
60
the backend cannot return an error.
61
If it nevertheless returns an error,
62
it means some internal error has occurred.
63
In such case the backend message can contain information
64
that should not be shown to the client.
65
However, responding with an error for the correct password
66
is a normal behavior for some POP3 servers.
67
For example, CommuniGatePro informs a user about
68
<link url="http://www.stalker.com/CommuniGatePro/Alerts.html#Quota">mailbox
69
overflow</link> or other events by periodically outputting the
70
<link url="http://www.stalker.com/CommuniGatePro/POP.html#Alerts">authentication
71
error</link>.
72
The directive should be enabled in this case.
73
</para>
74

75
</directive>
76

77

78
<directive name="proxy_protocol">
79
<syntax><literal>on</literal> | <literal>off</literal></syntax>
80
<default>off</default>
81
<context>mail</context>
82
<context>server</context>
83
<appeared-in>1.19.8</appeared-in>
84

85
<para>
86
Enables the
87
<link url="http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt">PROXY
88
protocol</link> for connections to a backend.
89
</para>
90

91
</directive>
92

93

94
<directive name="proxy_smtp_auth">
95
<syntax><literal>on</literal> | <literal>off</literal></syntax>
96
<default>off</default>
97
<context>mail</context>
98
<context>server</context>
99
<appeared-in>1.19.4</appeared-in>
100

101
<para>
102
Enables or disables user authentication on the SMTP backend
103
using the <literal>AUTH</literal> command.
104
</para>
105

106
<para>
107
If <link id="xclient">XCLIENT</link> is also enabled,
108
then the <literal>XCLIENT</literal> command will not send
109
the <literal>LOGIN</literal> parameter.
110
</para>
111

112
</directive>
113

114

115
<directive name="proxy_timeout">
116
<syntax><value>timeout</value></syntax>
117
<default>24h</default>
118
<context>mail</context>
119
<context>server</context>
120

121
<para>
122
Sets the <value>timeout</value> between two successive
123
read or write operations on client or proxied server connections.
124
If no data is transmitted within this time, the connection is closed.
125
</para>
126

127
</directive>
128

129

130
<directive name="xclient">
131
<syntax><literal>on</literal> | <literal>off</literal></syntax>
132
<default>on</default>
133
<context>mail</context>
134
<context>server</context>
135

136
<para>
137
Enables or disables the passing of the
138
<link url="http://www.postfix.org/XCLIENT_README.html">XCLIENT</link>
139
command with client parameters when connecting to the SMTP backend.
140
</para>
141

142
<para>
143
With <literal>XCLIENT</literal>, the MTA is able to write client information
144
to the log and apply various limitations based on this data.
145
</para>
146

147
<para>
148
If <literal>XCLIENT</literal> is enabled
149
then nginx passes the following commands when connecting to the backend:
150
<list type="bullet">
151
<listitem>
152
<literal>EHLO</literal> with the
153
<link doc="ngx_mail_core_module.xml" id="server_name">server name</link>
154
</listitem>
155

156
<listitem>
157
<literal>
158
XCLIENT
159
</literal>
160
</listitem>
161

162
<listitem>
163
<literal>EHLO</literal> or <literal>HELO</literal>,
164
as passed by the client
165
</listitem>
166
</list>
167
</para>
168

169
<para>
170
If the name
171
<link doc="ngx_mail_core_module.xml" id="resolver">found</link>
172
by the client IP address points to the same address,
173
it is passed in the <literal>NAME</literal> parameter
174
of the <literal>XCLIENT</literal> command.
175
If the name could not be found, points to a different address,
176
or <link doc="ngx_mail_core_module.xml" id="resolver"/> is not specified,
177
the <literal>[UNAVAILABLE]</literal> is passed
178
in the <literal>NAME</literal> parameter.
179
If an error has occurred in the process of resolving,
180
the <literal>[TEMPUNAVAIL]</literal> value is used.
181
</para>
182

183
<para>
184
If <literal>XCLIENT</literal> is disabled
185
then nginx passes the <literal>EHLO</literal> command with the
186
<link doc="ngx_mail_core_module.xml" id="server_name">server name</link>
187
when connecting to the backend if the client has passed
188
<literal>EHLO</literal>,
189
or <literal>HELO</literal> with the server name, otherwise.
190
</para>
191

192
</directive>
193

194
</section>
195

196
</module>
197

198