Mercurial > hg > nginx-mail
diff src/mail/ngx_mail_auth_http_module.c @ 400:f1e2fab7a46c
Mail: smtp proxy without authentication.
Activated by auth method "unauth" in smtp_auth directive.
Waits for MAIL FROM and first RCPT TO from client, asks auth_http for
backend with additional headers Auth-SMTP-Helo, Auth-SMTP-From,
Auth-SMTP-To, and establishes connection to backend.
Auth-SMTP-From/To currently contain full command (e.g. "mail from: <>"),
this may change in future.
The functionality was designed to take off load from real smtp servers.
Additionally it may be used to implement pop-before-smtp authentication
(but dont do it unless you really need it - use real auth instead).
Current bug-features:
- If only "unauth" method activated in config, other methods (e.g. plain,
login) not advertised but accepted. Make sure your auth server handles
this gracefully.
- If backend server returns error on MAIL FROM / RCPT TO command while
proxy tunnel setup, nginx will close connection to client with 4xx
error. One may use proxy_pass_error_message directive to pass original
error message to client.
- Syntax of MAIL FROM / RCPT TO commands from client isn't checked.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sun, 22 Jul 2007 23:55:12 +0000 |
parents | a96157df5186 |
children | 481e8f936572 |
line wrap: on
line diff
--- a/src/mail/ngx_mail_auth_http_module.c +++ b/src/mail/ngx_mail_auth_http_module.c @@ -137,7 +137,8 @@ static ngx_str_t ngx_mail_auth_http_me ngx_string("plain"), ngx_string("plain"), ngx_string("apop"), - ngx_string("cram-md5") + ngx_string("cram-md5"), + ngx_string("unauth") }; static ngx_str_t ngx_mail_smtp_errcode = ngx_string("535 5.7.0"); @@ -1173,6 +1174,9 @@ ngx_mail_auth_http_create_request(ngx_ma + sizeof(CRLF) - 1 + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len + sizeof(CRLF) - 1 + + sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len + + sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len + + sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len + ahcf->header.len + sizeof(CRLF) - 1; @@ -1227,6 +1231,27 @@ ngx_mail_auth_http_create_request(ngx_ma s->connection->addr_text.len); *b->last++ = CR; *b->last++ = LF; + if (s->auth_method == NGX_MAIL_AUTH_UNAUTH) { + + /* HELO / MAIL FROM / RCPT TO can't contain CRLF, no need to escape */ + + b->last = ngx_cpymem(b->last, "Auth-SMTP-Helo: ", + sizeof("Auth-SMTP-Helo: ") - 1); + b->last = ngx_copy(b->last, s->smtp_helo.data, s->smtp_helo.len); + *b->last++ = CR; *b->last++ = LF; + + b->last = ngx_cpymem(b->last, "Auth-SMTP-From: ", + sizeof("Auth-SMTP-From: ") - 1); + b->last = ngx_copy(b->last, s->smtp_from.data, s->smtp_from.len); + *b->last++ = CR; *b->last++ = LF; + + b->last = ngx_cpymem(b->last, "Auth-SMTP-To: ", + sizeof("Auth-SMTP-To: ") - 1); + b->last = ngx_copy(b->last, s->smtp_to.data, s->smtp_to.len); + *b->last++ = CR; *b->last++ = LF; + + } + if (ahcf->header.len) { b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len); }