Nginx mail proxy module - unexpected behavior re: authentication

Naresh V nareshov at gmail.com
Wed Mar 24 10:15:13 MSK 2010


Hi,

I have a setup with me where I'm using nginx to talk to a redirector
(embedded perl script) which redirects IMAP/POP communication to the
appropriate IMAP/POP server based on a simple DB query that says "this
user's emails are on that IMAP server".
I'm not doing any authentication at this level since according to
this[1] request-timeline diagram, the authentication request/response
is done again with the actual IMAP server anyway.

When my IMAP client is trying to authenticate with legitimate username
and password, nginx - as expected according to the diagram - delegates
the ". login username at domain password" to the real IMAP server whose
". OK" is relayed back to the IMAP client by nginx.
The problem I'm facing right now is when I provide the wrong password,
IMAP server returns AUTHENTICATIONFAILED, but nginx thinks it's an
invalid response and cuts off the session with the IMAP client.

In nginx error log:

> 2010/03/23 14:43:53 [info] 12550#0: *29 upstream sent invalid response: "* BAD internal server error" while reading response from upstream, client: xx.xx.xx.xx, server: 0.0.0.0:143, login: "username at domain", upstream: yy.yy.yy.yy:143

an example telnet session:

[root at nginx ~]# telnet localhost 143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK IMAP4 ready
+ login username at domain wrongpassword
* BAD internal server error
Connection closed by foreign host.
[root at nginx ~]#

The behaviour I expect is:

[root at nginx ~]# telnet localhost 143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
+ login username at domain wrongpassword
+ NO [AUTHENTICATIONFAILED] Authentication failed.
<telnet session doesn't close>

How do I go about configuring nginx to support this?
'proxy_pass_error_message on' didn't help.
Where exactly do I look in the source to make the appropriate changes?

Thanks!
-Naresh.



More information about the nginx mailing list