diff src/mail/ngx_mail_core_module.c @ 400:f1e2fab7a46c
Mail: smtp proxy without authentication.
Activated by auth method "unauth" in smtp_auth directive.
Waits for MAIL FROM and first RCPT TO from client, asks auth_http for
backend with additional headers Auth-SMTP-Helo, Auth-SMTP-From,
Auth-SMTP-To, and establishes connection to backend.
Auth-SMTP-From/To currently contain full command (e.g. "mail from: <>"),
this may change in future.
The functionality was designed to take off load from real smtp servers.
Additionally it may be used to implement pop-before-smtp authentication
(but don't do it unless you really need it - use real auth instead).
Current bug-features:
- If only "unauth" method activated in config, other methods (e.g. plain,
login) not advertised but accepted. Make sure your auth server handles
this gracefully.
- If backend server returns error on MAIL FROM / RCPT TO command while
proxy tunnel setup, nginx will close connection to client with 4xx
error. One may use proxy_pass_error_message directive to pass original
error message to client.
- Syntax of MAIL FROM / RCPT TO commands from client isn't checked.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sun, 22 Jul 2007 23:55:12 +0000 |
parents | f9e6413396d4 |
children | d4cac61d8e95 |
--- a/src/mail/ngx_mail_core_module.c
+++ b/src/mail/ngx_mail_core_module.c
@@ -66,6 +66,7 @@ static ngx_conf_bitmask_t ngx_smtp_auth
 { ngx_string("plain"), NGX_MAIL_AUTH_PLAIN_ENABLED },
 { ngx_string("login"), NGX_MAIL_AUTH_LOGIN_ENABLED },
 { ngx_string("cram-md5"), NGX_MAIL_AUTH_CRAM_MD5_ENABLED },
+ { ngx_string("unauth"), NGX_MAIL_AUTH_UNAUTH_ENABLED },
 { ngx_null_string, 0 }
 };
@@ -74,7 +75,8 @@ static ngx_str_t ngx_imap_auth_methods_
 ngx_string("AUTH=PLAIN"),
 ngx_string("AUTH=LOGIN"),
 ngx_null_string, /* APOP */
- ngx_string("AUTH=CRAM-MD5")
+ ngx_string("AUTH=CRAM-MD5"),
+ ngx_null_string /* UNAUTH */
 };
@@ -82,7 +84,8 @@ static ngx_str_t ngx_smtp_auth_methods_
 ngx_string("PLAIN"),
 ngx_string("LOGIN"),
 ngx_null_string, /* APOP */
- ngx_string("CRAM-MD5")
+ ngx_string("CRAM-MD5"),
+ ngx_null_string /* UNAUTH */
 };
@@ -301,10 +304,10 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t
 ngx_mail_core_srv_conf_t *prev = parent;
 ngx_mail_core_srv_conf_t *conf = child;
- u_char *p, *auth_p;
+ u_char *p, *auth_p, *last_p;
 size_t size, stls_only_size;
 ngx_str_t *c, *d;
- ngx_uint_t i, m;
+ ngx_uint_t i, m, smtp_auth_enabled;
 ngx_conf_merge_size_value(conf->imap_client_buffer_size,
 prev->imap_client_buffer_size,
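Review bot: The new `{ ngx_string("unauth"), NGX_MAIL_AUTH_UNAUTH_ENABLED }` entry in the smtp_auth table carries no comment, although it is the one value in this table that lets a session proceed without any client AUTH. Presumably the auth_http response then becomes the only control over which clients may relay through the proxy, and someone auditing a configuration should be able to learn that from the table itself. I would add a comment on the entry such as `/* no client AUTH: auth_http alone decides whether the session is proxied */`. The table definition starts above the hunk.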
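Review bot: The `ngx_null_string /* UNAUTH */` placeholder added to the IMAP names array, and the identical one added to ngx_smtp_auth_methods_names in the next hunk, exists only to keep the array index in step with the bit position of the NGX_MAIL_AUTH_*_ENABLED flags, and nothing states or checks that coupling. The SMTP loops in the later hunks stop at NGX_MAIL_AUTH_CRAM_MD5_ENABLED, so the new slot is not read there, but a method inserted at the wrong position would silently shift which names get advertised. A comment above each array would make the rule explicit, e.g. `/* indexed by bit position of NGX_MAIL_AUTH_*_ENABLED; keep the same order */`. Both array definitions start above their hunks.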
@@ -599,23 +602,28 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t
 conf->smtp_capabilities = prev->smtp_capabilities;
 }
- size = sizeof("250-") - 1 + conf->server_name.len + sizeof(CRLF) - 1
- + sizeof("250 AUTH") - 1 + sizeof(CRLF) - 1;
+ size = sizeof("250-") - 1 + conf->server_name.len + sizeof(CRLF) - 1;
 c = conf->smtp_capabilities.elts;
 for (i = 0; i < conf->smtp_capabilities.nelts; i++) {
 size += sizeof("250 ") - 1 + c[i].len + sizeof(CRLF) - 1;
 }
+ smtp_auth_enabled = 0;
 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
 m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
 m <<= 1, i++)
 {
 if (m & conf->smtp_auth_methods) {
 size += 1 + ngx_smtp_auth_methods_names[i].len;
+ smtp_auth_enabled = 1;
 }
 }
+ if (smtp_auth_enabled) {
+ size += sizeof("250 AUTH") - 1 + sizeof(CRLF) - 1;
+ }
+
 p = ngx_palloc(cf->pool, size);
 if (p == NULL) {
 return NGX_CONF_ERROR;
@@ -624,11 +632,13 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t
 conf->smtp_capability.len = size;
 conf->smtp_capability.data = p;
+ last_p = p;
 *p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = '-';
 p = ngx_cpymem(p, conf->server_name.data, conf->server_name.len);
 *p++ = CR; *p++ = LF;
 for (i = 0; i < conf->smtp_capabilities.nelts; i++) {
+ last_p = p;
 *p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = '-';
 p = ngx_cpymem(p, c[i].data, c[i].len);
 *p++ = CR; *p++ = LF;
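Review bot: The bound `m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED` on the sizing loop is now the only thing that keeps "unauth" out of `smtp_auth_enabled` and out of the advertised AUTH list, and it works only if NGX_MAIL_AUTH_UNAUTH_ENABLED is a higher bit than CRAM-MD5, which is defined outside this diff. A comment above the loop would record that, e.g. `/* UNAUTH lies above CRAM_MD5 and is never advertised */`. The buffer from `ngx_palloc` is sized here and filled by a second copy of the same loop in a later hunk, so the two passes have to agree byte for byte or the fill writes past the allocation; the comment should say that as well. ngx_mail_core_merge_srv_conf begins and ends outside the hunk.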
@@ -636,21 +646,28 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t
 auth_p = p;
- *p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = ' ';
- *p++ = 'A'; *p++ = 'U'; *p++ = 'T'; *p++ = 'H';
+ if (smtp_auth_enabled) {
+ last_p = p;
+
+ *p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = ' ';
+ *p++ = 'A'; *p++ = 'U'; *p++ = 'T'; *p++ = 'H';
- for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
- m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
- m <<= 1, i++)
- {
- if (m & conf->smtp_auth_methods) {
- *p++ = ' ';
- p = ngx_cpymem(p, ngx_smtp_auth_methods_names[i].data,
- ngx_smtp_auth_methods_names[i].len);
+ for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
+ m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
+ m <<= 1, i++)
+ {
+ if (m & conf->smtp_auth_methods) {
+ *p++ = ' ';
+ p = ngx_cpymem(p, ngx_smtp_auth_methods_names[i].data,
+ ngx_smtp_auth_methods_names[i].len);
+ }
 }
- }
+
+ *p++ = CR; *p = LF;
- *p++ = CR; *p = LF;
+ } else {
+ last_p[3] = ' ';
+ }
 size += sizeof("250 STARTTLS" CRLF) - 1;
@@ -669,7 +686,7 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t
 *p++ = CR; *p = LF;
 p = conf->smtp_starttls_capability.data
- + (auth_p - conf->smtp_capability.data) + 3;
+ + (last_p - conf->smtp_capability.data) + 3;
 *p = '-';
 size = (auth_p - conf->smtp_capability.data)
@@ -688,6 +705,12 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t
 p = ngx_cpymem(p, "250 STARTTLS" CRLF, sizeof("250 STARTTLS" CRLF) - 1);
+ if (last_p < auth_p) {
+ p = conf->smtp_starttls_only_capability.data
+ + (last_p - conf->smtp_capability.data) + 3;
+ *p = '-';
+ }
+
 return NGX_CONF_OK;
 }
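Review bot: `last_p[3] = ' ';` in the new `else` branch is unexplained and relies on a bare offset into the reply buffer. It overwrites the `-` of the most recent `250-` line so that line becomes the final line of the EHLO reply when no AUTH line follows; a comment such as `/* no AUTH line: turn the last "250-" into the final "250 " */` would say so. The same `+ 3` offset is used by the two STARTTLS fix-ups in the following hunks, so a named constant for the separator position would keep the three writes in step. The enclosing function starts and ends outside the hunk.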
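Review bot: `if (last_p < auth_p) {` in the last hunk is an indirect way of asking whether the AUTH line was omitted. From the earlier hunk, `last_p` is set equal to `auth_p` exactly when the `smtp_auth_enabled` branch runs and otherwise points at an earlier line, so the pointer comparison and the flag are equivalent. Testing the flag states the intent and does not depend on where the pointers happen to sit: `if (!smtp_auth_enabled) {`.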