Nginx mail proxy LDAP iRedMail

shiver25 nginx-forum at forum.nginx.org
Wed Aug 1 08:50:27 UTC 2018 

Hi there,

I try configure a little mail infrastructure but i have problem with this.
So i have exacly three servers. One is MX (frontend) there is nginx with
configuration:

 user  nginx;
worker_processes  2;
error_log  /var/log/nginx/error.log  info;
pid        /var/run/nginx.pid;
load_module /usr/lib64/nginx/modules/ngx_http_perl_module.so;
load_module /usr/lib64/nginx/modules/ngx_mail_module.so;


events {
  worker_connections  1024;
  multi_accept on;
}

http {
  perl_modules  perl/lib;
  perl_require  mailauth.pm;

  server {
    location /auth {
	    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      perl  mailauth::handler;
    }
  }
}

mail {
  auth_http  127.0.0.1:80/auth;

  pop3_capabilities  "TOP"  "USER";
  imap_capabilities  "IMAP4rev1"  "UIDPLUS";

  server {
    listen     110;
    protocol   pop3;
    proxy      on;
  }

  server {
    listen     143;
    protocol   imap;
    proxy      on;
  }

 server {
   listen	25;
   protocol	smtp;
   proxy	on;
 }
}

And i try write auth script in perl, look like:

package mailauth;

use strict;
use warnings;
use nginx;
use Net::LDAP;

my $mail_server1 = "10.12.1.109";
my $mail_server2 = "10.12.1.109";

our $mail_server_ip={};
our $protocol_ports={};
$mail_server-ip->{'mailhost01'}="10.12.1.109";
$mail_server_ip->{'mailhost02'}="192.168.1.33";
$protocol_ports->{'pop3'}=110;
$protocol_ports->{'imap'}=143;

my $ldapconnect = Net::LDAP->new( "10.12.1.109", 
			version => 3, 
			port => 389 ) or die $@;


my $bind = $ldapconnect->bind( "cn=vmail,dc=poczta,dc=coml",
			password => "PPkRSNeYtIDm7QXAq7Dr" );
if ( $bind->code ) {
	LDAPerror( "Bind: ", $bind);
}


sub handler {

my $r = shift;


our $mail_server;
my $auth_user->execute($r->header_in("Auth-User"));
if ($auth_user =~ m/^[abcdefghijklmp]/) {
        $mail_server = $mail_server1;
} else {
        $mail_server = $mail_server2;
}



my $search = $ldapconnect->search(
	base => "o=domains,dc=poczta,dc=com",
	filter => '(&(mail=' . $r->header_in("Auth-User") . '))'
);


my $goto = $search->entry(0)->get_value('mail');
$r->header_out( "Auth-Status", "OK" );
$r->header_out( "Auth-Server", $mail_server);
$r->header_out( "Auth-Port",
$protocol_ports->{$r->header_in("Auth-Protocol")});
$r->send_http_header("text/html");



return OK;
}
1;

$ldapconnect->unbind;

__END__


Two backend servers installed with LDAP form iRedMail package. I want have
two servers backend with half and half users. So i add to script logic
like:

our $mail_server;
my $auth_user->execute($r->header_in("Auth-User"));
if ($auth_user =~ m/^[abcdefghijklmp]/) {
        $mail_server = $mail_server1;
} else {
        $mail_server = $mail_server2;
}

Check with curl:
curl -i -H 'Auth-User: postmaster at com' -H 'Auth-Pass: supersecret' -H
'Auth-Protocol: imap' 10.12.1.128:80/auth

and ive got:

HTTP/1.0 200 OK
Server: nginx/1.12.2
Date: Wed, 01 Aug 2018 08:40:49 GMT
Content-Type: text/html
Auth-Status: OK
Auth-Server: 
Auth-Port: 143


telnet 10.12.1.128 143
Trying 10.12.1.128...
Connected to 10.12.1.128.
Escape character is '^]'.
* OK IMAP4 ready
LOGIN postmaster at com supersecret
LOGIN BAD invalid command
Connection closed by foreign host.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,280741,280741#msg-280741

More information about the nginx mailing list