Nginx mail proxy LDAP iRedMail

Maxim Dounin mdounin at mdounin.ru
Wed Aug 1 13:06:43 UTC 2018 

Hello!

On Wed, Aug 01, 2018 at 04:50:27AM -0400, shiver25 wrote:

> Hi there,
> 
> I try configure a little mail infrastructure but i have problem with this.
> So i have exacly three servers. One is MX (frontend) there is nginx with
> configuration:
> 
>  user  nginx;
> worker_processes  2;
> error_log  /var/log/nginx/error.log  info;
> pid        /var/run/nginx.pid;
> load_module /usr/lib64/nginx/modules/ngx_http_perl_module.so;
> load_module /usr/lib64/nginx/modules/ngx_mail_module.so;
> 
> 
> events {
>   worker_connections  1024;
>   multi_accept on;
> }
> 
> http {
>   perl_modules  perl/lib;
>   perl_require  mailauth.pm;
> 
>   server {
>     location /auth {
> 	    proxy_set_header Host $host;
>     proxy_set_header X-Real-IP $remote_addr;
>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Just a side note: these proxy_set_header directives are useless.

>       perl  mailauth::handler;
>     }
>   }
> }

[...]

> And i try write auth script in perl, look like:
> 
> package mailauth;
> 
> use strict;
> use warnings;
> use nginx;
> use Net::LDAP;
> 
> my $mail_server1 = "10.12.1.109";
> my $mail_server2 = "10.12.1.109";
> 
> our $mail_server_ip={};
> our $protocol_ports={};
> $mail_server-ip->{'mailhost01'}="10.12.1.109";

With "-" here, loading the configuration is expected to fail with 
an error like:

nginx: [emerg] require_pv("mailauth.pm") failed: "Can't use bareword ("ip") as a HASH ref while "strict refs" in use at /path/to/mailauth.pm line 13.

If the code provided exactly as used, likely you are testing with 
some older version which does not have this bug.

In no particular order:

- make sure to reload nginx configuration after changing the perl 
  module;

- try looking into nginx error logs, it might have helpful information.

Note well that using embedded perl for potentially blocking 
lookups in the LDAP database might not be a good idea.  Quoting 
http://nginx.org/en/docs/http/ngx_http_perl_module.html:

: While the Perl module is performing a long-running operation, such 
: as resolving a domain name, connecting to another server, or 
: querying a database, other requests assigned to the current worker 
: process will not be processed. It is thus recommended to perform 
: only such operations that have predictable and short execution 
: time, such as accessing the local file system.

[...]

-- 
Maxim Dounin
http://mdounin.ru/

More information about the nginx mailing list