MailCore · Nginx 中文官方文檔

### MailCore Nginx is able to handle and proxy the following mail protocols: Nginx 能夠處理和代理以下郵件協議: - IMAP - POP3 - SMTP #### 認證 nginx uses external HTTP-like server to learn which IMAP/POP backend it should connect to. nginx的IMAP／POP后端處理類似HTTP服務器的連接方式。 nginx passes authorization information in HTTP headers: nginx 在HTTP頭里傳遞授權信息: ~~~ GET /auth HTTP/1.0 Host: auth.server.hostname Auth-Method: plain Auth-User: user Auth-Pass: password Auth-Protocol: imap Auth-Login-Attempt: 1 Client-IP: 192.168.1.1 ~~~ The good response is: 正常的回應是: ~~~ HTTP/1.0 200 OK # this line is actually ignored and may not exist at all 這行可能被忽略或者不可能都存在 Auth-Status: OK Auth-Server: 192.168.1.10 Auth-Port: 110 Auth-User: newname # you may override the user name to login to a backend 你可以重寫用戶名登錄后端 ~~~ When authenticating with APOP for POP3, you must return Auth-Pass as well: 當在POP3中使用APOP協議時，你必須返回驗證密碼如下: ~~~ HTTP/1.0 200 OK # this line is actually ignored and may not exist at all Auth-Status: OK Auth-Server: 192.168.1.10 Auth-Port: 110 Auth-User: newname # you may override the user name to login to a backend Auth-Pass: password # this must be the user's password in cleartext 這里必須是明文形式的用戶密碼 ~~~ The failed response is: 失敗的回應是: ~~~ HTTP/1.0 200 OK # this line is actually ignored and may not exist at all Auth-Status: Invalid login or password Auth-Wait: 3 # nginx will wait 3 seconds before reading Nginx在讀之前等待3秒 # client's login/passwd again ~~~ #### 指令 ### auth Renamed to pop3_auth in 0.5.15 ### imap_capabilities **syntax:***imap_capabilities****"capability1" ["capability2" .. "capabilityN"]*** **default:***"IMAP4" "IMAP4rev1" "UIDPLUS"* **context:***main, server* With this directive you can set the list of [IMAP protocol](http://ietf.org/rfc/rfc3501.txt "http://ietf.org/rfc/rfc3501.txt") extensions presented to the client upon issuing the IMAP command CAPABILITY. [STARTTLS](http://ietf.org/rfc/rfc2595.txt "http://ietf.org/rfc/rfc2595.txt") is automatically added if you enable the starttls directive. 使用這條指令你可以設置IMAP協議列表來擴展現有的客戶端上的IMAP的命令CAPABILITY。如果你啟用了STARTTLS那么STARTTLS命令將自動加入。 The current list of standardized IMAP expansions is published on [www.iana.org](http://www.iana.org/assignments/imap4-capabilities "http://www.iana.org/assignments/imap4-capabilities"). 現在所列出的標準的IMAP擴展發布在[www.iana.org](http://www.iana.org/assignments/imap4-capabilities "http://www.iana.org/assignments/imap4-capabilities")上。 ~~~ mail { imap_capabilities NAMESPACE SORT QUOTA; } ~~~ Will the defaults be also set, I haven't see this in the source?! (al 2007-05-11) 這個設置了默認了？我在源碼中沒有看到！ ### imap_client_buffer **syntax:***imap_client_buffer **size*** **default:***4K/8K* **context:***main, server* With this directive you can set the read buffer for IMAP commands. The default value is equal to the size of a page (this can be either 4K or 8K depending on the platform). ### listen **syntax:***listen****address:port [ bind ]*** **default:***no* **context:***server* The directive specifies the address and port, on which the server accepts requests. It is possible to specify address or port only, besides, an address can be the server name, for example: 當服務器接收請求時，這條指令指定地址和端口。這個可能只知道地址或者端口，另外，地址可能是服務器名，例如： ~~~ listen 127.0.0.1:8000; listen 127.0.0.1; listen 8000; listen *:8000; listen localhost:8000; ~~~ IPv6 address(>=0.7.58) are set in square brackets: ~~~ listen [::]:8000; listen [fe80::1]; ~~~ In directive listen it is possible to indicate the system call bind(2). listen指令可能顯示顯示系統命令 bind. bind -- indicates that it is necessary to make bind(2) separately for this pair of address:port. If several directives listen with identical port but with different addresses and one of the directives listen to all addresses for this port (*:port) then Nginx will make bind(2) only to *:port. In this case the address is determined by the system call getsockname(). bind -- bind指令必須是綁定一對地址：端口。如果多個指令監聽不同地址的相同的端口，另一個指令監聽所有地址的端口(*:端口號)，這樣的話Nginx將指執行 bind的 *:端口號 .這樣的話地址只能是系統命令getsockname()的值。 ### pop3_auth **syntax:***pop3_auth****[plain] [apop] [cram-md5]*** **default:***plain* **context:***main, server* With this directive you can set the permitted methods of authentication for POP3 clients: 使用這條指令你可以設置驗證POP3客戶端的驗證方法: - plain - [USER/PASS](http://ietf.org/rfc/rfc1939.txt "http://ietf.org/rfc/rfc1939.txt") , [AUTH PLAIN](http://ietf.org/rfc/rfc2595.txt "http://ietf.org/rfc/rfc2595.txt") , [AUTH LOGIN](http://www3.ietf.org/proceedings/03jul/I-D/draft-murchison-sasl-login-00.txt "http://www3.ietf.org/proceedings/03jul/I-D/draft-murchison-sasl-login-00.txt") - apop - [APOP](http://ietf.org/rfc/rfc1939.txt "http://ietf.org/rfc/rfc1939.txt") - cram-md5 - [AUTH CRAM-MD5](http://ietf.org/rfc/rfc2195.txt "http://ietf.org/rfc/rfc2195.txt") ### pop3_capabilities **syntax:***pop3_capabilities****"capability1" ["capability2" .. "capabilityN"]*** **default:***"TOP" "USER" "UIDL"* **context:***main, server* With this directive you can set the list of [POP3 protocol](http://ietf.org/rfc/rfc2449.txt "http://ietf.org/rfc/rfc2449.txt") extensions presented to the client upon issuing the POP3 command CAPA. [STLS](http://ietf.org/rfc/rfc2595.txt "http://ietf.org/rfc/rfc2595.txt") is automatically added if you enable the starttls directive and [SASL](http://ietf.org/rfc/rfc2449.txt "http://ietf.org/rfc/rfc2449.txt") is added by the directive [auth](# ""). 使用這條指令你可以設置 [POP3 協議](http://ietf.org/rfc/rfc2449.txt "http://ietf.org/rfc/rfc2449.txt") 列表來擴展現有客戶端上的POP3命令CAPA。如果你啟用了starttls指令STLS將會自動被添加，通過auth，SASL也將被添加。 ### protocol **syntax:***protocol****[ pop3 | imap | smtp ]?;*** **default:***IMAP* **context:***server* This directive set the protocol for this server block. 這條指令設置了服務器塊的協議 ### > server **syntax:***server {...}* **default:***no* **context:***mail* Directive assigns configuration for the virtual server. 指令指定虛擬服務器的配置 There is no clear separation of the virtual servers ip-based and name-based (the value of the line "Host" header in the request). 這里不區分基于IP的虛擬服務器和基于命名的虛擬服務器（Host指從請求頭中獲得） Instead of this by directives listen are described all addresses and ports, on which it is necessary to assume connections for this server, and in directive server_name are indicated all names of servers. Example configurations are described in tuning of virtual servers. 可以替代這個的listen指令描述了連接服務器的所有的地址和端口，和紙條指令的server_name顯示了所有的服務器命名。例如以下配置描述了虛擬服務器的調度 ### server_name **syntax:***server_name name****fqdn_server_host*** **default:***The name of the host, obtained through gethostname()* **context:***mail, server* Directive assigns the names of virtual server, for example: ~~~ server { server_name example.com www.example.com; } ~~~ The first name becomes the basic name of server. By default the name of the machine (hostname) is used. It is possible to use "*" for replacing the first part of the name: 第一個名稱被默認為服務器的基本名詞.被當作默認的機器名使用,這個也可能被*所代替。 ~~~ server { server_name example.com *.example.com; } ~~~ Two of the given name of the above example can be combined into one: 2個給定的名詞在以上的例子中被合并成一個 ~~~ server { server_name .example.com; } ~~~ The basic name of server is used in an HTTP redirects, if no a "Host" header was in client request or that header does not match any assigned server_name. You can also use just "*" to force Nginx to use the "Host" header in the HTTP redirect (note that "*" cannot be used as the first name, but you can use a dummy name such as "_" instead): HTTP重定向中使用了服務器基本名稱，如果客戶端請求中沒有"host"頭或者頭中沒知道server_name.你可以使用“＊”來強制Nginx在HTTP重定向中使用"Host"頭（注釋： "*"不能作為第一命名可以使用"_"代替） ~~~ server { server_name example.com *; } server { server_name _ *; } ~~~ ### smtp_auth **syntax:***smtp_auth****[login] [plain] [cram-md5]?;*** **default:***login plain* **context:***main, server* With this directive you can set the permitted methods of authentication for SMTP clients: 使用這個命令你可以設置SMTP客戶端的驗證方法 - login - [AUTH LOGIN](http://www3.ietf.org/proceedings/03jul/I-D/draft-murchison-sasl-login-00.txt "http://www3.ietf.org/proceedings/03jul/I-D/draft-murchison-sasl-login-00.txt") - plain - [AUTH PLAIN](http://ietf.org/rfc/rfc2595.txt "http://ietf.org/rfc/rfc2595.txt") - cram-md5 - [AUTH CRAM-MD5](http://ietf.org/rfc/rfc2195.txt "http://ietf.org/rfc/rfc2195.txt") ### smtp_capabilities **syntax:***smtp_capabilities****“capability1” [“capability2” .. “capabilityN”]*** **default:***no* **context:***main, server* With this directive you can set the list of SMTP protocol extensions presented to the client upon issuing the EHLO command. This list is automatically extended by the methods enabled with the directive [smtp_auth](# ""). 使用這條指令你可以設置SMTP協議擴展現有的客戶端通過使用EHLO命令.使用smtp_auth指令這個列表將被自動擴展。 The current list of standardized SMTP expansions is published on [www.iana.org](http://www.iana.org/assignments/mail-parameters "http://www.iana.org/assignments/mail-parameters") . 現在標準的SMTP擴展列表發布在[www.iana.org](http://www.iana.org/assignments/mail-parameters "http://www.iana.org/assignments/mail-parameters") ### so_keepalive **syntax:***so_keepalive****on|off***; **default:***off* **context:***main, server* With this directive you can set the socket SO_KEEPALIVE option for the connection to the IMAP/POP3 backend. In FreeBSD the keepalive option is used for all connections and can be turned off through setsockopt no (see sysctl net.inet.tcp.always_keepalive). 通過使用這條指令你可以設置socket連接IMAP／POP3的SO——KEEPALIVE選項。在FREEBSD中這個 keepalive(保持存活) 選項在所有的連接中都有效并且可以使用setsockopt no來關閉。 ### timeout **syntax:***timeout****milliseconds;*** **default:***60000* **context:***main, server* With this directive you can set the time out for proxied connections to the back end. 使用這條指令你可以設置代理連接的超時時間