Limiting number of mail(imap/pop) connections per user per IP

Naresh V nareshov at
Mon Nov 1 17:47:19 MSK 2010

On 1 November 2010 15:48, Naresh V <nareshov at> wrote:
> On 1 November 2010 14:37, Naresh V <nareshov at> wrote:
>> Hi,
>> In real IMAP servers like Dovecot, there is a way to limit the number
>> of connections made by a username from a particular IP.
>> Now that nginx is going to sit in front of my dovecot - I won't be
>> able make use of this limit in dovecot anymore (dovecot will see only
>> my nginxes IPs as client IP)
>> How can I achieve this sort of limiting at the nginx level itself?
> I see that the perl auth_http handler can see the real client's IP in
> the 'Client-IP' HTTP header - is there a way to forward this via
> IMAP/POP3 talk to the backend IMAPD/POP3D?
> If this were possible, I can continue to use the limits in Dovecot as-is

Dovecot's author suggested that I look into
It appears that I might have to patch nginx for supporting this. (in
ngx_mail_imap_handler.c: in the s->mail_state and s->command switch

The other approach a colleague of mine suggested was to implement a
(persistent: on-disk bdb perhaps) counter within itself:

But I'm not confident if this'd would because I'm not familiar with
the nature of operation of the mail module when it comes to the
post-auth_http communication with the backend - does the mail
component of nginx communicate make only one connection with the
backend for a particular Auth-Status = 'OK' with auth_http or more
than one?

-Naresh V.

More information about the nginx mailing list