[PATCH] Add proxy_protocol option to mail listener
Kees Bos
cornelis.bos at gmail.com
Mon Aug 7 07:44:28 UTC 2017
On za, 2017-08-05 at 20:44 -0400, Wayde Nie wrote:
> Hi Kees, Maxim,
>
> I'm very interested in proxy_protocol enabled nginx mail proxy as
> well.
> Wondering if the feature might be more straightforward (initially?)
> if,
> when enabled on the listen line, it simply set the appropriate
> $proxy_protocol_* variables, similar to the http servers?
>
> I was hoping that I could then include it as an http get param in the
> url for my auth_http directive for the auth script to do a dns
> blacklist
> lookup and/or logging (and possibly some other anti spambot efforts).
>
> I'm working on it with your patch as a starting point, and I can get
> it
> to compile cleanly. Nginx keeps working as expected when I don't set
> proxy_protocol on the listen directive, and when I do set
> proxy_protocol
> on the listen directive I see the correct ip and port picked up and
> logged in the error.log, however, then nginx stops sending the smtp
> greeting... My mail client connects to my loadbalancer, the lb
> connects
> to nginx:587 sending the PROXY line, nginx parses and logs the PROXY
> fields, then the client times out waiting for any return traffic
> from
> nginx... I know it's something I'm doing :-)
>
> I'm happy to keep poking away at it, but curious mostly, if you think
> the approach is sound? (ie. use $proxy_protocol_addr, set by
> proxy_protocol directive and pass in to auth_http script in auth url
> as
> a get param?) and if an initial patch that starts by just setting
> $proxy_protocol_* variables would be a useful first step in this type
> of
> functionality?
>
> Thanks! Wayde.
Just to get the picture right (it looks to me that your downstream smtp
server expects the proxy protocol), what's the exact flow you're trying
to accomplish?
More information about the nginx-devel
mailing list