nginx proxy to dovecot servers

Sami Ketola sami.ketola at dovecot.fi
Fri Jun 3 08:27:55 UTC 2016


> On 02 Jun 2016, at 23:07, KT Walrus <kevin at my.walr.us> wrote:
> 
> I’m trying to understand how the nginx mail proxy and dovecot work. 
> 
> As a I understand it, nginx can listen on a IP:port for IMAP connections. NGINX then can invoke a PHP script to do authorization and backend server selection.
> 
> Does NGINX than proxy to the backend dovecot IMAP server all subsequent IMAP commands that the user’s mail client requests?
> 
> Does the backend dovecot IMAP server do its own authentication with another MySQL password lookup? Or, since NGINX has done the authentication, the password_query lookup is skipped on the dovecot server? I assume the dovecot IMAP server still needs to do a MySQL user_query lookup (to find the location of the user’s mailbox on the server), but I am wondering whether the password will be checked twice, once by NGINX and a second time by dovecot IMAP.

Hi,

you can always skip password check on dovecot side with static passdb that accepts all passwords if you are absolutely sure that the session has been authenticated earlier. Also you could switch the session from using user password to using a master password at the proxy if NGINX supports this. 

btw, what is the reasong for NGINX proxy anyway? Since dovecot proxy can do this for you too.

Sami




More information about the dovecot mailing list