smtp_auth
The smtp_auth directive specifies the authentication mechanisms supported for SMTP clients.
Description
The smtp_auth directive allows the NGINX Mail Module to define which authentication methods are enabled for SMTP connections. This directive must be used inside the mail context and enables the server to authenticate mail clients via specified methods such as LOGIN, PLAIN, CRAM-MD5, and others. By listing one or more authentication mechanisms, the directive informs NGINX on which methods it can rely on for verifying the credentials of SMTP clients attempting to connect. If multiple methods are specified, they are attempted in the order provided until one succeeds or all fail.
In practice, when a client connects to the SMTP server, it will present its credentials based on the authentication methods supported by the server. The server then processes these credentials according to the mechanisms defined in the smtp_auth directive. It's important to note that using insecure methods should be avoided unless combined with a secure transport protocol, such as TLS, to encrypt the authentication data during transmission.
Config Example
mail {
smtp_auth LOGIN PLAIN;
server {
listen 25;
}
}Ensure the authentication methods specified are supported and secure, especially LOGIN and PLAIN, which should use TLS for encryption.
Multiple authentication methods should be listed in the preferred order; the first successful method will be used to authenticate the client.
Configuration may not take effect until NGINX is reloaded, ensure to test configurations before deployment.