[PATCH] Mail: added PROXY PROTOCOL support
Murad Mamedov
mail at muradm.net
Sat Jan 16 16:38:49 UTC 2021
First of all, ignore patch in first mail, I don't use mercurial on
daily basis, and my neomutt screwed the patch. Second mail in thread
contains just patch and it seems to be correct.
I wanted to address few other things on the subject. I started my way
from
http://mailman.nginx.org/pipermail/nginx-devel/2016-November/009083.html,
however decisions done there I found incorrect. Author tried to jump
right into XCLIENT from PROXY PROTOCOL. In proposed implementation proxy
protocol is handled in the begining of connections. Since XCLIENT gets
its address from ngx_connection_s, it will get automatically downstream
provided address of client.
In the same thread, there was questions on how to deal with
"real_ip_header" and "set_real_ip_from". As I mentioned in the original
description to the patch, one may need these in case of HTTP protocol,
which is very flexible, with tons of applications behind that may demand
presense of real ip address in different places/headers. For ancient mail
protocols, it is not the case. They are very strict, very few
applications that implement it, probably Postfix, Exim and Dovecot be
the only practical implementations. And they do support proxy protocol
out of the box. So I could not find real reason to apply "real_ip"
thing. With proposed implementation, it just worked out of the box, with
minimum configuration. The only thing which could be added if need is
the overriding of "destination address" of proxy protocol (i.e. address
which client reached). For now I didn't see where it could be useful in
mentioned above mail applications. Client address, yes, we do pass,
server address ¯\_(ツ)_/¯, who cares.
--
muradm
More information about the nginx-devel
mailing list