nginx-mail: src/mail/ngx_mail_auth_http

comparison src/mail/ngx_mail_auth_http_module.c @ 400:f1e2fab7a46c

Mail: smtp proxy without authentication. Activated by auth method "unauth" in smtp_auth directive. Waits for MAIL FROM and first RCPT TO from client, asks auth_http for backend with additional headers Auth-SMTP-Helo, Auth-SMTP-From, Auth-SMTP-To, and establishes connection to backend. Auth-SMTP-From/To currently contain full command (e.g. "mail from: <>"), this may change in future. The functionality was designed to take off load from real smtp servers. Additionally it may be used to implement pop-before-smtp authentication (but dont do it unless you really need it - use real auth instead). Current bug-features: - If only "unauth" method activated in config, other methods (e.g. plain, login) not advertised but accepted. Make sure your auth server handles this gracefully. - If backend server returns error on MAIL FROM / RCPT TO command while proxy tunnel setup, nginx will close connection to client with 4xx error. One may use proxy_pass_error_message directive to pass original error message to client. - Syntax of MAIL FROM / RCPT TO commands from client isn't checked.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Sun, 22 Jul 2007 23:55:12 +0000
parents	a96157df5186
children	481e8f936572

comparison

equal deleted inserted replaced

-:137505db4246
+:f1e2fab7a46c
 static char       *ngx_mail_auth_http_protocol[] = { "pop3", "imap", "smtp" };
 static ngx_str_t   ngx_mail_auth_http_method[] = {
 ngx_string("plain"),
 ngx_string("plain"),
 ngx_string("apop"),
-ngx_string("cram-md5")
+ngx_string("cram-md5"),
+ngx_string("unauth")
 };
 static ngx_str_t   ngx_mail_smtp_errcode = ngx_string("535 5.7.0");
 void
 + sizeof("Auth-Protocol: imap" CRLF) - 1
 + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN
 + sizeof(CRLF) - 1
 + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len
 + sizeof(CRLF) - 1
++ sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len
++ sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len
++ sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len
 + ahcf->header.len
 + sizeof(CRLF) - 1;
 b = ngx_create_temp_buf(pool, len);
 if (b == NULL) {
 b->last = ngx_cpymem(b->last, "Client-IP: ", sizeof("Client-IP: ") - 1);
 b->last = ngx_copy(b->last, s->connection->addr_text.data,
 s->connection->addr_text.len);
 *b->last++ = CR; *b->last++ = LF;
+if (s->auth_method == NGX_MAIL_AUTH_UNAUTH) {
+/* HELO / MAIL FROM / RCPT TO can't contain CRLF, no need to escape */
+b->last = ngx_cpymem(b->last, "Auth-SMTP-Helo: ",
+sizeof("Auth-SMTP-Helo: ") - 1);
+b->last = ngx_copy(b->last, s->smtp_helo.data, s->smtp_helo.len);
+*b->last++ = CR; *b->last++ = LF;
+b->last = ngx_cpymem(b->last, "Auth-SMTP-From: ",
+sizeof("Auth-SMTP-From: ") - 1);
+b->last = ngx_copy(b->last, s->smtp_from.data, s->smtp_from.len);
+*b->last++ = CR; *b->last++ = LF;
+b->last = ngx_cpymem(b->last, "Auth-SMTP-To: ",
+sizeof("Auth-SMTP-To: ") - 1);
+b->last = ngx_copy(b->last, s->smtp_to.data, s->smtp_to.len);
+*b->last++ = CR; *b->last++ = LF;
+}
 if (ahcf->header.len) {
 b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len);
 }
 /* add "\r\n" at the header end */

Mercurial > hg > nginx-mail

comparison src/mail/ngx_mail_auth_http_module.c @ 400:f1e2fab7a46c