Trying to use SMTP proxy, but there might be limitations?

Michael Shadle mike503 at gmail.com
Mon Sep 21 00:25:26 UTC 2015


The goal:

To use headers/metadata from the incoming mail message to determine if
delivery should be allowed based on the recipients of the message.
Example: development/test environments, only allow whitelisted
recipients to get messages. I couldn't find any packages, SaaS
services or other options out there (except Mandrill with their
"rules" capability, but there is no API to manage the whitelist...)

I discovered nginx SMTP proxy might actually be able to let me do this
though. It would be great to use PHP (since it's my language of
choice) to do this - a quick lookup in a database (or cache) - so I
liked the possibility of the auth_http option.

However, I can only test and prove the concept for a single "To:
destination" - if there are multiple recipients on the To: line, CC:
or Bcc:, nginx still only seems to see one of them. I don't think this
is only allowed in SMTP pipelining (which last I checked isn't
supported in nginx).

I'm not sure there is a way to make it work. It might simply not be supported.

Here's my config. It seems to pass things around properly and allow me
to send "Auth-Status OK" or "Auth-Status Denied" and properly allow or
deny the message. But it doesn't expand the recipient list.

http {
  server {
    listen 127.0.0.1:8080;
    server_name localhost;
    root /var/www;
    location ~ \.php$ {
      include snippets/fastcgi-php.conf;
      fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
  }
}

mail {
  server_name localhost;
  auth_http 127.0.0.1:8080/filter.php;
  xclient off;
  smtp_capabilities "SIZE 10240000" "VRFY" "ETRN" "ENHANCEDSTATUSCODES" "8BITMIME" "DSN";
  smtp_auth none;
  proxy on;
  server {
    listen  25;
    protocol smtp;
  }
}

I examined $_SERVER in PHP:

    [HTTP_AUTH_METHOD] => none
    [HTTP_AUTH_USER] =>
    [HTTP_AUTH_PASS] =>
    [HTTP_AUTH_PROTOCOL] => smtp
    [HTTP_AUTH_LOGIN_ATTEMPT] => 1
    [HTTP_CLIENT_IP] => 1.2.3.4
    [HTTP_CLIENT_HOST] => [UNAVAILABLE]
    [HTTP_AUTH_SMTP_HELO] => client-hostname.com
    [HTTP_AUTH_SMTP_FROM] => MAIL FROM:<from at address.com> SIZE=418
    [HTTP_AUTH_SMTP_TO] => RCPT TO:<destination at address.com> ORCPT=rfc822;destination at address.com

I was looking around to see if the body of the message or headers came
in via stdin, but I can't find much documentation about the SMTP
proxy. Also, I'm not sure ultimately it would help me, as I would have
to somehow "ignore" the recipients that aren't allowed (which could be
any combination, maybe only one is okay, maybe all are okay, maybe 3
out of 5 are okay, etc.).

I guess at this point my question is ... any ideas?
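
An added example, not part of the original post: one way a filter.php behind the auth_http setting above could parse the Auth-SMTP-To value shown in the $_SERVER dump and deny by default. The allowlist entries and the upstream relay at 127.0.0.1:2525 are assumptions, and the script decides only on the single RCPT TO value it is handed.

```php
<?php
// filter.php: auth_http backend (added example, not the poster's script).
// Assumptions: the allowlist entries and the upstream relay 127.0.0.1:2525
// are placeholders; a real deployment would load the list from a DB or cache.

$ALLOWED = array('qa@example.test', 'dev-team@example.test'); // constructed

// Extract the mailbox from a raw "RCPT TO:<addr> [params]" line, or null.
function extract_recipient($raw)
{
    // Anchor on the command and capture only the text inside the angle
    // brackets, so trailing parameters such as ORCPT= are never matched.
    if (!preg_match('/^RCPT TO:\s*<([^<>\s]+)>/i', $raw, $m)) {
        return null;
    }
    $addr = strtolower($m[1]);
    // Require exactly one "@" with a non-empty local part and domain.
    if (!preg_match('/^[^@]+@[^@]+$/', $addr)) {
        return null;
    }
    return $addr;
}

// Build the response headers nginx expects; anything unparsable is denied.
function decide($server, $allowed)
{
    $raw  = isset($server['HTTP_AUTH_SMTP_TO']) ? $server['HTTP_AUTH_SMTP_TO'] : '';
    $rcpt = extract_recipient($raw);
    if ($rcpt === null || !in_array($rcpt, $allowed, true)) {
        return array(
            'Auth-Status'     => 'Recipient not allowed in this environment',
            'Auth-Error-Code' => '550 5.7.1',
        );
    }
    return array(
        'Auth-Status' => 'OK',
        'Auth-Server' => '127.0.0.1', // assumed upstream relay
        'Auth-Port'   => '2525',      // assumed upstream port
    );
}

foreach (decide($_SERVER, $ALLOWED) as $name => $value) {
    header($name . ': ' . $value);
}
```

The response values come only from fixed strings, never from the client-supplied RCPT TO text, so nothing the sender types is echoed back into a header.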
