Welcome! Log In Create A New Profile

Re: Limiting number of mail(imap/pop) connections per user per IP

Forum List Message List New Topic Print View

Maxim Dounin

November 01, 2010 11:40AM

Hello!

On Mon, Nov 01, 2010 at 08:17:19PM +0530, Naresh V wrote:

> On 1 November 2010 15:48, Naresh V <nareshov@gmail.com> wrote:
> > On 1 November 2010 14:37, Naresh V <nareshov@gmail.com> wrote:
> >> Hi,
> >>
> >> In real IMAP servers like Dovecot, there is a way to limit the number
> >> of connections made by a username from a particular IP.
> >> Now that nginx is going to sit in front of my dovecot - I won't be
> >> able make use of this limit in dovecot anymore (dovecot will see only
> >> my nginxes IPs as client IP)
> >>
> >> How can I achieve this sort of limiting at the nginx level itself?
> >>
> >
> > I see that the perl auth_http handler can see the real client's IP in
> > the 'Client-IP' HTTP header - is there a way to forward this via
> > IMAP/POP3 talk to the backend IMAPD/POP3D?
> > If this were possible, I can continue to use the limits in Dovecot as-is
> >
>
> Dovecot's author suggested that I look into
> http://mailman2.u.washington.edu/pipermail/imap-protocol/2008-June/000872.html
> It appears that I might have to patch nginx for supporting this. (in
> ngx_mail_imap_handler.c: in the s->mail_state and s->command switch
> statements)

Yes, it's non-standard and not currently supported. Probably it's
good idea to support this though.

> The other approach a colleague of mine suggested was to implement a
> (persistent: on-disk bdb perhaps) counter within mailauth.pm itself:
>
> But I'm not confident if this'd would because I'm not familiar with
> the nature of operation of the mail module when it comes to the
> post-auth_http communication with the backend - does the mail
> component of nginx communicate make only one connection with the
> backend for a particular Auth-Status = 'OK' with auth_http or more
> than one?

Only one (or even no one, if something goes wrong - e.g.
connection fails). But you don't have information about
connection termination with auth_http, so if you want to limit
number of connections - you have to read nginx's logs anyway.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Limiting number of mail(imap/pop) connections per user per IP	Naresh V	November 01, 2010 05:10AM
Re: Limiting number of mail(imap/pop) connections per user per IP	Naresh V	November 01, 2010 06:22AM
Re: Limiting number of mail(imap/pop) connections per user per IP	Naresh V	November 01, 2010 10:54AM
Re: Limiting number of mail(imap/pop) connections per user per IP	Maxim Dounin	November 01, 2010 11:40AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 125

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018