We are using nginx 1.7.3 as a reverse proxy for our Mail SMTP service. For authentication of each SMTP connection, we have configured nginx to connect to an HTTP-based service for authentication. Here is a snippet of our nginx config:

mail {
    # auth_server
    auth_http auth_host:auth_port/authserver;

    # mail server
    server {
        protocol                 smtp;
        listen                   25;
        proxy                    on;
        xclient                  on;
        timeout                  15;
        starttls                 on;
        # ... other configs ...
    }
}

With the above config, we notice, based on tcpdump analysis, that nginx closes the connection after every auth request/response to the Mail Authentication Server (auth_http auth_host:auth_port/authserver;). We would like to make this connection persistent so that we can reuse the connection for multiple auth requests.

I looked at the nginx mail auth module documentation (http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#auth_http_header) but I don't see any directive to make the mail auth connection persistent. Please let me know if this is possible with nginx and, if yes, what directive could be used?

I also looked at ngx_http_upstream_module (http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive), which has a "keepalive" directive, but my understanding is that this directive is for an HTTP upstream server, not for a mail auth server.

  • Why, what problem is it causing? Is the connection being closed by Nginx or the mail server? – Tim May 16 '17 at 19:15
  • The connection is closed by nginx. We are looking to optimize the mail auth part. We get millions of SMTP connection requests, and for each connection request we create a new connection to the auth server and then close the connection. This is an overhead in terms of CPU and network. We want to see if we could use persistent connections, hence saving on repeated TCP connection handshake and teardown. – Prabhash Rathore May 16 '17 at 19:33
  • My reading of the docs doesn't reveal anything. If no-one else can come up with anything it may require a source code change to achieve this. – Tim May 16 '17 at 19:39

0 Answers