Mercurial > hg > nginx-site
annotate xml/en/docs/mail/ngx_mail_auth_http_module.xml @ 2778:9cafae0b7ef3
Minor fixes in njs examples.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Thu, 14 Oct 2021 18:53:16 +0100 |
parents | 96d6d66d36e4 |
children | 7b7dbaa7d777 |
rev | line source |
---|---|
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 <?xml version="1.0"?> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 <!-- |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 Copyright (C) 2006, 2007 Anton Yuzhaninov |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 Copyright (C) Nginx, Inc. |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 --> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 <module name="Module ngx_mail_auth_http_module" |
667
81ac18894319
link and lang tags corrected.
Maxim Konovalov <maxim@nginx.com>
parents:
664
diff
changeset
|
11 link="/en/docs/mail/ngx_mail_auth_http_module.html" |
81ac18894319
link and lang tags corrected.
Maxim Konovalov <maxim@nginx.com>
parents:
664
diff
changeset
|
12 lang="en" |
2757
96d6d66d36e4
Documented Auth-SSL-Protocol and Auth-SSL-Cipher mail auth headers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
2676
diff
changeset
|
13 rev="11"> |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
14 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
15 <section id="directives" name="Directives"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
16 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
17 <directive name="auth_http"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
18 <syntax><value>URL</value></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
19 <default/> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
20 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
21 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
22 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
23 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
24 Sets the URL of the HTTP authentication server. |
1255
e48d4309e7f2
Mail auth: added link to the protocol in the "auth_http" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1254
diff
changeset
|
25 The protocol is described <link id="protocol">below</link>. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
28 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
29 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
30 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 <directive name="auth_http_header"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 <syntax><value>header</value> <value>value</value></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 <default/> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
35 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
36 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
37 <para> |
1256
ebfcd76e23b6
Mail auth: corrected articles, rephrased some parts.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1255
diff
changeset
|
38 Appends the specified header to requests sent to the authentication server. |
966 | 39 This header can be used as the shared secret to verify |
40 that the request comes from nginx. | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
41 For example: |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
42 <example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
43 auth_http_header X-Auth-Key "secret_string"; |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
44 </example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
45 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
46 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
47 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
48 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
49 |
1429
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
50 <directive name="auth_http_pass_client_cert"> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
51 <syntax><literal>on</literal> | <literal>off</literal></syntax> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
52 <default>off</default> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
53 <context>mail</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
54 <context>server</context> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
55 <appeared-in>1.7.11</appeared-in> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
56 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
57 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
58 Appends the <header>Auth-SSL-Cert</header> header with the |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
59 <link doc="ngx_mail_ssl_module.xml" id="ssl_verify_client">client</link> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
60 certificate in the PEM format (urlencoded) |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
61 to requests sent to the authentication server. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
62 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
63 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
64 </directive> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
65 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
66 |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
67 <directive name="auth_http_timeout"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
68 <syntax><value>time</value></syntax> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
69 <default>60s</default> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
70 <context>mail</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
71 <context>server</context> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
72 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
73 <para> |
1254
f49e326758c0
Mail auth: added description for the "auth_http_timeout" directive.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1066
diff
changeset
|
74 Sets the timeout for communication with the authentication server. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
75 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
76 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
77 </directive> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
78 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
79 </section> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
80 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
81 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
82 <section id="protocol" name="Protocol"> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
83 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
84 <para> |
1256
ebfcd76e23b6
Mail auth: corrected articles, rephrased some parts.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1255
diff
changeset
|
85 The HTTP protocol is used to communicate with the authentication server. |
ebfcd76e23b6
Mail auth: corrected articles, rephrased some parts.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1255
diff
changeset
|
86 The data in the response body is ignored, the information is passed only in |
966 | 87 the headers. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
88 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
89 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
90 <para> |
966 | 91 Examples of requests and responses: |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
92 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
93 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
94 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
95 Request: |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
96 <example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
97 GET /auth HTTP/1.0 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
98 Host: localhost |
1887
9af1e88e10c8
Documented SASL EXTERNAL support in mail.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1863
diff
changeset
|
99 Auth-Method: plain # plain/apop/cram-md5/external |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
100 Auth-User: user |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
101 Auth-Pass: password |
1063
6a19aadc15b2
Updates and unification for mail_auth_http_module examples.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1046
diff
changeset
|
102 Auth-Protocol: imap # imap/pop3/smtp |
6a19aadc15b2
Updates and unification for mail_auth_http_module examples.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1046
diff
changeset
|
103 Auth-Login-Attempt: 1 |
6a19aadc15b2
Updates and unification for mail_auth_http_module examples.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1046
diff
changeset
|
104 Client-IP: 192.0.2.42 |
6a19aadc15b2
Updates and unification for mail_auth_http_module examples.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1046
diff
changeset
|
105 Client-Host: client.example.org |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
106 </example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
107 Good response: |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
108 <example> |
1063
6a19aadc15b2
Updates and unification for mail_auth_http_module examples.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1046
diff
changeset
|
109 HTTP/1.0 200 OK |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
110 Auth-Status: OK |
1063
6a19aadc15b2
Updates and unification for mail_auth_http_module examples.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1046
diff
changeset
|
111 Auth-Server: 198.51.100.1 |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
112 Auth-Port: 143 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
113 </example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
114 Bad response: |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
115 <example> |
1063
6a19aadc15b2
Updates and unification for mail_auth_http_module examples.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1046
diff
changeset
|
116 HTTP/1.0 200 OK |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
117 Auth-Status: Invalid login or password |
1063
6a19aadc15b2
Updates and unification for mail_auth_http_module examples.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1046
diff
changeset
|
118 Auth-Wait: 3 |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
119 </example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
120 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
121 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
122 <para> |
1046 | 123 If there is no <header>Auth-Wait</header> header, |
966 | 124 an error will be returned and the connection will be closed. |
125 The current implementation allocates memory for each authentication attempt. | |
126 The memory is freed only at the end of a session. | |
127 Therefore, the number of invalid authentication attempts in a single session | |
1046 | 128 must be limited — the server must respond without |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
129 the <header>Auth-Wait</header> header after 10-20 attempts |
966 | 130 (the attempt number is passed in the <header>Auth-Login-Attempt</header> |
131 header). | |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
132 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
133 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
134 <para> |
1256
ebfcd76e23b6
Mail auth: corrected articles, rephrased some parts.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1255
diff
changeset
|
135 When the APOP or CRAM-MD5 are used, request-response will look as follows: |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
136 <example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
137 GET /auth HTTP/1.0 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
138 Host: localhost |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
139 Auth-Method: apop |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
140 Auth-User: user |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
141 Auth-Salt: <238188073.1163692009@mail.example.com> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
142 Auth-Pass: auth_response |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
143 Auth-Protocol: imap |
1063
6a19aadc15b2
Updates and unification for mail_auth_http_module examples.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1046
diff
changeset
|
144 Auth-Login-Attempt: 1 |
6a19aadc15b2
Updates and unification for mail_auth_http_module examples.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1046
diff
changeset
|
145 Client-IP: 192.0.2.42 |
6a19aadc15b2
Updates and unification for mail_auth_http_module examples.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1046
diff
changeset
|
146 Client-Host: client.example.org |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
147 </example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
148 Good response: |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
149 <example> |
1063
6a19aadc15b2
Updates and unification for mail_auth_http_module examples.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1046
diff
changeset
|
150 HTTP/1.0 200 OK |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
151 Auth-Status: OK |
1063
6a19aadc15b2
Updates and unification for mail_auth_http_module examples.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1046
diff
changeset
|
152 Auth-Server: 198.51.100.1 |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
153 Auth-Port: 143 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
154 Auth-Pass: plain-text-pass |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
155 </example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
156 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
157 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
158 <para> |
1256
ebfcd76e23b6
Mail auth: corrected articles, rephrased some parts.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1255
diff
changeset
|
159 If the <header>Auth-User</header> header exists in the response, |
1066
de77e295c073
Documented the "Auth-User" authentication header field.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1065
diff
changeset
|
160 it overrides the username used to authenticate with the backend. |
de77e295c073
Documented the "Auth-User" authentication header field.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1065
diff
changeset
|
161 </para> |
de77e295c073
Documented the "Auth-User" authentication header field.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1065
diff
changeset
|
162 |
de77e295c073
Documented the "Auth-User" authentication header field.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1065
diff
changeset
|
163 <para> |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
164 For the SMTP, the response additionally takes into account |
966 | 165 the <header>Auth-Error-Code</header> header — if exists, it is used |
1064
3ee0ba5f4f08
Updated description of the "Auth-Error-Code" header field.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1063
diff
changeset
|
166 as a response code in case of an error. |
966 | 167 Otherwise, the 535 5.7.0 code will be added to |
1256
ebfcd76e23b6
Mail auth: corrected articles, rephrased some parts.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1255
diff
changeset
|
168 the <header>Auth-Status</header> header. |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
169 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
170 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
171 <para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
172 For example, if the following response is received |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
173 from the authentication server: |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
174 <example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
175 HTTP/1.0 200 OK |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
176 Auth-Status: Temporary server problem, try again later |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
177 Auth-Error-Code: 451 4.3.0 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
178 Auth-Wait: 3 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
179 </example> |
966 | 180 then the SMTP client will receive an error |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
181 <example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
182 451 4.3.0 Temporary server problem, try again later |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
183 </example> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
184 </para> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
185 |
1065
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
186 <para> |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
187 If proxying SMTP does not require authentication, |
1256
ebfcd76e23b6
Mail auth: corrected articles, rephrased some parts.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1255
diff
changeset
|
188 the request will look as follows: |
1065
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
189 <example> |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
190 GET /auth HTTP/1.0 |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
191 Host: localhost |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
192 Auth-Method: none |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
193 Auth-User: |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
194 Auth-Pass: |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
195 Auth-Protocol: smtp |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
196 Auth-Login-Attempt: 1 |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
197 Client-IP: 192.0.2.42 |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
198 Client-Host: client.example.org |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
199 Auth-SMTP-Helo: client.example.org |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
200 Auth-SMTP-From: MAIL FROM: <> |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
201 Auth-SMTP-To: RCPT TO: <postmaster@mail.example.com> |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
202 </example> |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
203 </para> |
88c0d96b9825
Documented the smtp_auth "none" method.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1064
diff
changeset
|
204 |
1429
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
205 <para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
206 For the SSL/TLS client connection (1.7.11), |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
207 the <header>Auth-SSL</header> header is added, and |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
208 <header>Auth-SSL-Verify</header> will contain |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
209 the result of client certificate verification, if |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
210 <link doc="ngx_mail_ssl_module.xml" id="ssl_verify_client">enabled</link>: |
1863
fef4ab2d990c
Removed unnecessary version for "FAILED:reason" in $ssl_client_verify.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1856
diff
changeset
|
211 “<literal>SUCCESS</literal>”, “<literal>FAILED:</literal><value>reason</value>”, |
fef4ab2d990c
Removed unnecessary version for "FAILED:reason" in $ssl_client_verify.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1856
diff
changeset
|
212 and “<literal>NONE</literal>” if a certificate was not present. |
1856
7133004fa5b3
$ssl_client_verify extended with a failure reason.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
213 <note> |
7133004fa5b3
$ssl_client_verify extended with a failure reason.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
214 Prior to version 1.11.7, the “<literal>FAILED</literal>” result |
7133004fa5b3
$ssl_client_verify extended with a failure reason.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
215 did not contain the <value>reason</value> string. |
7133004fa5b3
$ssl_client_verify extended with a failure reason.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1429
diff
changeset
|
216 </note> |
1429
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
217 When the client certificate was present, |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
218 its details are passed in the following request headers: |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
219 <header>Auth-SSL-Subject</header>, <header>Auth-SSL-Issuer</header>, |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
220 <header>Auth-SSL-Serial</header>, and <header>Auth-SSL-Fingerprint</header>. |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
221 If <link id="auth_http_pass_client_cert"/> is enabled, |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
222 the certificate itself is passed in the |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
223 <header>Auth-SSL-Cert</header> header. |
2757
96d6d66d36e4
Documented Auth-SSL-Protocol and Auth-SSL-Cipher mail auth headers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
2676
diff
changeset
|
224 The protocol and cipher of the established connection |
96d6d66d36e4
Documented Auth-SSL-Protocol and Auth-SSL-Cipher mail auth headers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
2676
diff
changeset
|
225 are passed in the <header>Auth-SSL-Protocol</header> |
96d6d66d36e4
Documented Auth-SSL-Protocol and Auth-SSL-Cipher mail auth headers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
2676
diff
changeset
|
226 and <header>Auth-SSL-Cipher</header> headers (1.21.2). |
1429
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
227 The request will look as follows: |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
228 <example> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
229 GET /auth HTTP/1.0 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
230 Host: localhost |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
231 Auth-Method: plain |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
232 Auth-User: user |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
233 Auth-Pass: password |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
234 Auth-Protocol: imap |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
235 Auth-Login-Attempt: 1 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
236 Client-IP: 192.0.2.42 |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
237 Auth-SSL: on |
2757
96d6d66d36e4
Documented Auth-SSL-Protocol and Auth-SSL-Cipher mail auth headers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
2676
diff
changeset
|
238 Auth-SSL-Protocol: TLSv1.3 |
96d6d66d36e4
Documented Auth-SSL-Protocol and Auth-SSL-Cipher mail auth headers.
Sergey Kandaurov <pluknet@nginx.com>
parents:
2676
diff
changeset
|
239 Auth-SSL-Cipher: TLS_AES_256_GCM_SHA384 |
1429
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
240 Auth-SSL-Verify: SUCCESS |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
241 Auth-SSL-Subject: /CN=example.com |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
242 Auth-SSL-Issuer: /CN=example.com |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
243 Auth-SSL-Serial: C07AD56B846B5BFF |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
244 Auth-SSL-Fingerprint: 29d6a80a123d13355ed16b4b04605e29cb55a5ad |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
245 </example> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
246 </para> |
06322891b4e3
Client certificate directives in mail_ssl_module and associates.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1256
diff
changeset
|
247 |
2676
468e6e14e5cc
Documented the PROXY protocol support in mail.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1887
diff
changeset
|
248 <para id="proxy_protocol"> |
468e6e14e5cc
Documented the PROXY protocol support in mail.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1887
diff
changeset
|
249 When the |
468e6e14e5cc
Documented the PROXY protocol support in mail.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1887
diff
changeset
|
250 <link doc="ngx_mail_core_module.xml" id="proxy_protocol">PROXY protocol</link> |
468e6e14e5cc
Documented the PROXY protocol support in mail.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1887
diff
changeset
|
251 is used, |
468e6e14e5cc
Documented the PROXY protocol support in mail.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1887
diff
changeset
|
252 its details are passed in the following request headers: |
468e6e14e5cc
Documented the PROXY protocol support in mail.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1887
diff
changeset
|
253 <header>Proxy-Protocol-Addr</header>, |
468e6e14e5cc
Documented the PROXY protocol support in mail.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1887
diff
changeset
|
254 <header>Proxy-Protocol-Port</header>, |
468e6e14e5cc
Documented the PROXY protocol support in mail.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1887
diff
changeset
|
255 <header>Proxy-Protocol-Server-Addr</header>, and |
468e6e14e5cc
Documented the PROXY protocol support in mail.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1887
diff
changeset
|
256 <header>Proxy-Protocol-Server-Port</header> (1.19.8). |
468e6e14e5cc
Documented the PROXY protocol support in mail.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1887
diff
changeset
|
257 </para> |
468e6e14e5cc
Documented the PROXY protocol support in mail.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
1887
diff
changeset
|
258 |
664
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
259 </section> |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
260 |
8283b1048b27
Translated mail modules into English.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
261 </module> |