Mercurial > hg > nginx-mail

diff src/mail/ngx_mail_auth_http_module.c @ 400:f1e2fab7a46c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Mail: smtp proxy without authentication. Activated by auth method "unauth" in smtp_auth directive. Waits for MAIL FROM and first RCPT TO from client, asks auth_http for backend with additional headers Auth-SMTP-Helo, Auth-SMTP-From, Auth-SMTP-To, and establishes connection to backend. Auth-SMTP-From/To currently contain full command (e.g. "mail from: <>"), this may change in future. The functionality was designed to take off load from real smtp servers. Additionally it may be used to implement pop-before-smtp authentication (but dont do it unless you really need it - use real auth instead). Current bug-features: - If only "unauth" method activated in config, other methods (e.g. plain, login) not advertised but accepted. Make sure your auth server handles this gracefully. - If backend server returns error on MAIL FROM / RCPT TO command while proxy tunnel setup, nginx will close connection to client with 4xx error. One may use proxy_pass_error_message directive to pass original error message to client. - Syntax of MAIL FROM / RCPT TO commands from client isn't checked.
author Maxim Dounin <mdounin@mdounin.ru>
date Sun, 22 Jul 2007 23:55:12 +0000
parents a96157df5186
children 481e8f936572
line wrap: on
line diff
--- a/src/mail/ngx_mail_auth_http_module.c
+++ b/src/mail/ngx_mail_auth_http_module.c
@@ -137,7 +137,8 @@ static ngx_str_t   ngx_mail_auth_http_me
     ngx_string("plain"),
     ngx_string("plain"),
     ngx_string("apop"),
-    ngx_string("cram-md5")
+    ngx_string("cram-md5"),
+    ngx_string("unauth")
 };
 
 static ngx_str_t   ngx_mail_smtp_errcode = ngx_string("535 5.7.0");
@@ -1173,6 +1174,9 @@ ngx_mail_auth_http_create_request(ngx_ma
                 + sizeof(CRLF) - 1
           + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len
                 + sizeof(CRLF) - 1
+          + sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len
+          + sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len
+          + sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len
           + ahcf->header.len
           + sizeof(CRLF) - 1;
 
@@ -1227,6 +1231,27 @@ ngx_mail_auth_http_create_request(ngx_ma
                          s->connection->addr_text.len);
     *b->last++ = CR; *b->last++ = LF;
 
+    if (s->auth_method == NGX_MAIL_AUTH_UNAUTH) {
+
+        /* HELO / MAIL FROM / RCPT TO can't contain CRLF, no need to escape */
+
+        b->last = ngx_cpymem(b->last, "Auth-SMTP-Helo: ",
+                             sizeof("Auth-SMTP-Helo: ") - 1);
+        b->last = ngx_copy(b->last, s->smtp_helo.data, s->smtp_helo.len);
+        *b->last++ = CR; *b->last++ = LF;
+
+        b->last = ngx_cpymem(b->last, "Auth-SMTP-From: ",
+                             sizeof("Auth-SMTP-From: ") - 1);
+        b->last = ngx_copy(b->last, s->smtp_from.data, s->smtp_from.len);
+        *b->last++ = CR; *b->last++ = LF;
+
+        b->last = ngx_cpymem(b->last, "Auth-SMTP-To: ",
+                             sizeof("Auth-SMTP-To: ") - 1);
+        b->last = ngx_copy(b->last, s->smtp_to.data, s->smtp_to.len);
+        *b->last++ = CR; *b->last++ = LF;
+
+    }
+
     if (ahcf->header.len) {
         b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len);
     }