Mercurial > hg > nginx-site

view xml/en/docs/mail/ngx_mail_pop3_module.xml @ 3088:7b7dbaa7d777 default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Documented XOAUTH2 and OAUTHBEARER authentication methods.
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 04 Jun 2024 18:35:21 +0300
parents 4add6ae1296f
children
line wrap: on
line source

<?xml version="1.0"?>

<!--
  Copyright (C) 2006, 2007 Anton Yuzhaninov
  Copyright (C) Nginx, Inc.
  -->

<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">

<module name="Module ngx_mail_pop3_module"
        link="/en/docs/mail/ngx_mail_pop3_module.html"
        lang="en"
        rev="6">

<section id="directives" name="Directives">

<directive name="pop3_auth">
<syntax><value>method</value> ...</syntax>
<default>plain</default>
<context>mail</context>
<context>server</context>

<para>
Sets permitted methods of authentication for POP3 clients.
Supported methods are:
<list type="tag">

<tag-name><literal>plain</literal></tag-name>
<tag-desc>
<link url="https://datatracker.ietf.org/doc/html/rfc1939">USER/PASS</link>,
<link url="https://datatracker.ietf.org/doc/html/rfc4616">AUTH PLAIN</link>,
<link url="https://datatracker.ietf.org/doc/html/draft-murchison-sasl-login-00">AUTH LOGIN</link>
</tag-desc>

<tag-name><literal>apop</literal></tag-name>
<tag-desc>
<link url="https://datatracker.ietf.org/doc/html/rfc1939">APOP</link>.
In order for this method to work, the password must be stored unencrypted.
</tag-desc>

<tag-name><literal>cram-md5</literal></tag-name>
<tag-desc>
<link url="https://datatracker.ietf.org/doc/html/rfc2195">AUTH CRAM-MD5</link>.
In order for this method to work, the password must be stored unencrypted.
</tag-desc>

<tag-name><literal>external</literal></tag-name>
<tag-desc>
<link url="https://datatracker.ietf.org/doc/html/rfc4422">AUTH EXTERNAL</link> (1.11.6).
</tag-desc>

<tag-name><literal>xoauth2</literal></tag-name>
<tag-desc>
<link url="https://developers.google.com/gmail/imap/xoauth2-protocol"
>AUTH XOAUTH2</link> (1.27.1).
</tag-desc>

<tag-name><literal>oauthbearer</literal></tag-name>
<tag-desc>
<link url="https://datatracker.ietf.org/doc/html/rfc7628"
>AUTH OAUTHBEARER</link> (1.27.1).
</tag-desc>

</list>
</para>

<para>
Plain text authentication methods
(<literal>USER/PASS</literal>, <literal>AUTH PLAIN</literal>,
and <literal>AUTH LOGIN</literal>) are always enabled,
though if the <literal>plain</literal> method is not specified,
<literal>AUTH PLAIN</literal> and <literal>AUTH LOGIN</literal>
will not be automatically included in <link id="pop3_capabilities"/>.
</para>

</directive>


<directive name="pop3_capabilities">
<syntax><value>extension</value> ...</syntax>
<default>TOP USER UIDL</default>
<context>mail</context>
<context>server</context>

<para>
Sets the
<link url="https://datatracker.ietf.org/doc/html/rfc2449">POP3 protocol</link>
extensions list that is passed to the client in response to
the <literal>CAPA</literal> command.
The authentication methods specified in the <link id="pop3_auth"/> directive
(<link url="https://datatracker.ietf.org/doc/html/rfc2449">SASL</link> extension) and
<link url="https://datatracker.ietf.org/doc/html/rfc2595">STLS</link>
are automatically added to this list depending on the
<link doc="ngx_mail_ssl_module.xml" id="starttls"/> directive value.
</para>

<para>
It makes sense to specify the extensions
supported by the POP3 backends
to which the clients are proxied (if these extensions are related to commands
used after the authentication, when nginx transparently proxies the client
connection to the backend).
</para>

<para>
The current list of standardized extensions is published at
<link url="http://www.iana.org/assignments/pop3-extension-mechanism">www.iana.org</link>.
</para>

</directive>

</section>

</module>