# Proxy The module enables support for mail protocols (POP3, IMAP, SMTP), allowing the server to act as a proxy between clients and mail servers. It establishes connections with servers, performs secure authentication using plain text, SSL/TLS, or STARTTLS, properly routes client traffic, and supports flexible authentication method and server selection. ## Directives ### proxy_buffer | [Syntax](https://en.angie.software//angie/docs/configuration/configfile.md#configfile) | `proxy_buffer` size; | |------------------------------------------------------------------------------------------|------------------------| | Default | `proxy_buffer 4k|8k;` | | [Context](https://en.angie.software//angie/docs/configuration/configfile.md#configfile) | mail, server | Sets the size of the buffer used for proxying. By default, the buffer size is equal to one memory page. Depending on a platform, it is either 4K or 8K. ### proxy_pass_error_message | [Syntax](https://en.angie.software//angie/docs/configuration/configfile.md#configfile) | `proxy_pass_error_message` `on` | `off`; | |------------------------------------------------------------------------------------------|--------------------------------------------| | Default | `proxy_pass_error_message off;` | | [Context](https://en.angie.software//angie/docs/configuration/configfile.md#configfile) | mail, server | Determines whether to pass the error message obtained during authentication on the backend to the client. Usually, if authentication in Angie is successful, the backend cannot return an error. If it nevertheless returns an error, it means some internal error has occurred. In such cases the backend message may contain information that should not be shown to the client. However, responding with an error for the correct password is normal behavior for some POP3 servers. The directive should be enabled in this case. ### proxy_protocol | [Syntax](https://en.angie.software//angie/docs/configuration/configfile.md#configfile) | `proxy_protocol` `on` | `off`; | |------------------------------------------------------------------------------------------|----------------------------------| | Default | `proxy_protocol off;` | | [Context](https://en.angie.software//angie/docs/configuration/configfile.md#configfile) | mail, server | Enables the [PROXY protocol](http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) for connections to a backend. ### proxy_smtp_auth | [Syntax](https://en.angie.software//angie/docs/configuration/configfile.md#configfile) | `proxy_smtp_auth` `on` | `off`; | |------------------------------------------------------------------------------------------|-----------------------------------| | Default | `proxy_smtp_auth off;` | | [Context](https://en.angie.software//angie/docs/configuration/configfile.md#configfile) | mail, server | Enables or disables user authentication on the SMTP backend using the AUTH command. If [XCLIENT](#m-xclient) is also enabled, then the XCLIENT command will not send the LOGIN parameter. ### proxy_timeout | [Syntax](https://en.angie.software//angie/docs/configuration/configfile.md#configfile) | `proxy_timeout` time; | |------------------------------------------------------------------------------------------|-------------------------| | Default | `proxy_timeout 24h;` | | [Context](https://en.angie.software//angie/docs/configuration/configfile.md#configfile) | mail, server | Sets the timeout between two successive read or write operations on client or proxied server connections. If no data is transmitted within this time, the connection is closed. ### xclient | [Syntax](https://en.angie.software//angie/docs/configuration/configfile.md#configfile) | `xclient` `on` | `off`; | |------------------------------------------------------------------------------------------|---------------------------| | Default | `xclient on;` | | [Context](https://en.angie.software//angie/docs/configuration/configfile.md#configfile) | mail, server | Enables or disables the passing of the [XCLIENT](http://www.postfix.org/XCLIENT_README.html) command with client parameters when connecting to the SMTP backend. With `XCLIENT`, the MTA is able to write client information to the log and apply various limitations based on this data. If `XCLIENT` is enabled then Angie passes the following commands when connecting to the backend: * `EHLO` with the [server name](https://en.angie.software//angie/docs/configuration/modules/mail/index.md#m-server-name) * `XCLIENT` * `EHLO` or `HELO`, as passed by the client If the name [found](https://en.angie.software//angie/docs/configuration/modules/mail/index.md#m-resolver) by the client IP address points to the same address, it is passed in the `NAME` parameter of the `XCLIENT` command. If the name could not be found, points to a different address, or [resolver](https://en.angie.software//angie/docs/configuration/modules/mail/index.md#m-resolver) is not specified, then `[UNAVAILABLE]` is passed in the `NAME` parameter. If an error has occurred in the process of resolving, the `[TEMPUNAVAIL]` value is used. If `XCLIENT` is disabled, Angie passes the `EHLO` command with the [server name](https://en.angie.software//angie/docs/configuration/modules/mail/index.md#m-server-name) when connecting to the backend if the client has passed `EHLO`, or `HELO` with the server name, otherwise.