The goal:
To use headers/metadata from the incoming mail message to determine if
delivery should be allowed based on the recipients of the message.

Example: development/test environments, only allow whitelisted
recipients to get messages. I couldn't find any packages, SaaS
services or other options out there (except Mandrill with their
"rules" capability, but there is no API to manage the whitelist...)

I discovered nginx SMTP proxy might actually be able to let me do this
though. It would be great to use PHP (since it's my language of
choice) to do this - a quick lookup in a database (or cache) - so I
liked the possibility of the auth_http option.

However, I can only test and prove the concept for a single "To:
destination" - if there are multiple recipients on the To: line, CC:
or Bcc:, nginx still only seems to see one of them. I don't think this
is only allowed in SMTP pipelining (which last I checked isn't
supported in nginx)

I'm not sure there is a way to make it work. It might simply not be supported.

Here's my config. It seems to pass things around properly and allow me
to send "Auth-Status OK" or "Auth-Status Denied" and properly allow or
deny the message. But it doesn't expand the recipient list.

    http {
        server {
            listen 127.0.0.1:8080;
            server_name localhost;
            root /var/www;
            location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
            }
        }
    }
    mail {
        server_name localhost;
        auth_http 127.0.0.1:8080/filter.php;
        xclient off;
        smtp_capabilities "SIZE 10240000" "VRFY" "ETRN"
            "ENHANCEDSTATUSCODES" "8BITMIME" "DSN";
        smtp_auth none;
        proxy on;
        server {
            listen 25;
            protocol smtp;
        }
    }

I examined $_SERVER in PHP:

    [HTTP_AUTH_METHOD] => none
    [HTTP_AUTH_USER] =>
    [HTTP_AUTH_PASS] =>
    [HTTP_AUTH_PROTOCOL] => smtp
    [HTTP_AUTH_LOGIN_ATTEMPT] => 1
    [HTTP_CLIENT_IP] => 1.2.3.4
    [HTTP_CLIENT_HOST] => [UNAVAILABLE]
    [HTTP_AUTH_SMTP_HELO] => client-hostname.com
    [HTTP_AUTH_SMTP_FROM] => MAIL FROM:<from@address.com> SIZE=418
    [HTTP_AUTH_SMTP_TO] => RCPT TO:<destination@address.com> ORCPT=rfc822;destination@address.com

I was looking around to see if the body of the message or headers came
in via stdin, but I can't find much documentation about the SMTP
proxy. Also, I'm not sure ultimately it would help me, as I would have
to somehow "ignore" the recipients that aren't allowed (which could be
any combination, maybe only one is okay, maybe all are okay, maybe 3
out of 5 are okay, etc)

I guess at this point my question is ... any ideas?
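
Added example, not part of the original post: a sketch of what filter.php could do with the single Auth-SMTP-To value shown in the $_SERVER dump, parsing the address out of the raw RCPT TO line and failing closed. It decides only on the one recipient nginx passes in the request, so it does not address the multiple-recipient question. The allowlist, the backend address 127.0.0.1:2525, the function names and PHP 7.1+ are assumptions; Auth-Status, Auth-Server, Auth-Port and Auth-Error-Code are the response headers of nginx's auth_http protocol.

```php
<?php
// Added example (not from the original post). PHP 7.1+ assumed.
// Constructed allowlist and an assumed backend MTA behind the nginx proxy.
const ALLOWED_RECIPIENTS = ['qa-inbox@example.test', 'dev-team@example.test'];
const BACKEND_HOST = '127.0.0.1';
const BACKEND_PORT = '2525';

// Pull the envelope address out of a raw "RCPT TO:<addr> [params]" value.
function parse_rcpt(string $raw): ?string
{
    // Only the text inside the first <...> counts; ESMTP parameters such as
    // ORCPT= come after the bracket and must not influence the decision.
    if (!preg_match('/^RCPT\s+TO:\s*<([^<>\s]+)>/i', $raw, $m)) {
        return null;
    }
    // Lower-cased so the allowlist comparison is case-insensitive.
    $addr = strtolower($m[1]);
    return filter_var($addr, FILTER_VALIDATE_EMAIL) !== false ? $addr : null;
}

// Build the auth_http response headers for one request.
function auth_headers(array $server, array $allowed): array
{
    $rcpt = parse_rcpt($server['HTTP_AUTH_SMTP_TO'] ?? '');
    if ($rcpt !== null && in_array($rcpt, $allowed, true)) {
        return ['Auth-Status: OK', 'Auth-Server: ' . BACKEND_HOST, 'Auth-Port: ' . BACKEND_PORT];
    }
    // Fail closed: missing, unparsable or unlisted recipients are refused.
    return ['Auth-Status: Recipient not allowed here', 'Auth-Error-Code: 550 5.7.1'];
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs shaped like the $_SERVER dump in the post.
    $samples = [
        'RCPT TO:<QA-Inbox@example.test> ORCPT=rfc822;QA-Inbox@example.test',
        'RCPT TO:<customer@example.com> ORCPT=rfc822;qa-inbox@example.test',
        '',
    ];
    foreach ($samples as $raw) {
        echo $raw, ' => ', auth_headers(['HTTP_AUTH_SMTP_TO' => $raw], ALLOWED_RECIPIENTS)[0], "\n";
    }
} else {
    // Under php-fpm: answer nginx with the headers only, no body needed.
    foreach (auth_headers($_SERVER, ALLOWED_RECIPIENTS) as $h) {
        header($h);
    }
}
```

Run from the command line, it prints the decision for each constructed sample; the second one is refused even though its ORCPT parameter names an allowlisted address.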