[PATCH] Add support for Proxy Protocol to mail SMTP

Maxim Dounin mdounin at mdounin.ru
Thu Nov 3 17:13:03 UTC 2016


On Thu, Nov 03, 2016 at 09:41:03AM -0700, Maxim Vladimirsky wrote:

> Hi Folks,
> I was not sure if you would be interested in this, but decided to run it by
> you anyway.
> We need to run Nginx as an SMTP proxy sitting behind ELB in AWS, but we
> also want the upstream SMTP server to get the real client ip, so Nginx is
> configured to provide it via an XCLIENT command. However the stock version
> of Nginx provides ELB's ip instead, because it does not recognize the Proxy
> Protocol header (http://docs.aws.amazon.com/elasticloadbalancing/latest/
> classic/enable-proxy-protocol.html#proxy-protocol) sent to it by ELB.

Seems to be perfectly valid use case.

> The following patch updates the mail module so that it can be configured to
> expect Proxy Protocol header by setting `proxy_protocol on`. In that case
> Proxy Protocol header is parsed, a client IP is retrieved and passed to an
> SMTP upstream in an XCLIENT command.

The "proxy_protocol on" is expected to configure sending PROXY 
protocol to an upstream server, similar to how it already works in 
the stream module:


Accepting PROXY protocol from clients is expected to be enabled 
using a listening socket option instead, similar to what we have 
in http and stream modules:


Open question is how it should work though.  I.e., if it should 
just unconditionally set provided address as a client one, similar 
to how

    listen 80 proxy_protocol;
    real_ip_header proxy_protocol;

works in stream / http, or there should be some advanced control 
like the realip module in stream / http.

Maxim Dounin

More information about the nginx-devel mailing list