Welcome! Log In Create A New Profile

Re: Trying to use SMTP proxy, but there might be limitations?

Forum List Message List New Topic Print View

Francis Daly

September 21, 2015 07:52AM

On Sun, Sep 20, 2015 at 05:25:26PM -0700, Michael Shadle wrote:

Hi there,

This is all untested by me.

> To use headers/metadata from the incoming mail message to determine if
> delivery should be allowed based on the recipients of the message.

I think that that is not available when using the nginx SMTP (reverse) proxy.

You get one MAIL FROM address, plus one RCPT TO address each time that
your auth_http url is called.

All you can use is the SMTP Envelope data.

> Example: development/test environments,

That should be fine - one nginx mail server{} for dev, one for test.

> only allow whitelisted recipients to get messages.

That should be fine - you get each RCPT TO in turn, and your code decides
what Auth-Status to return for each one.

> However, I can only test and prove the concept for a single "To:
> destination" - if there are multiple recipients on the To: line, CC:
> or Bcc:, nginx still only seems to see one of them. I don't think this
> is only allowed in SMTP pipelining (which last I checked isn't
> supported in nginx)

Can you set up a test to watch the SMTP traffic that happens?

To:, Cc:, Bcc: are all mail client things. Whatever is talking SMTP to
your nginx SMTP server should send one MAIL FROM, then multiple lines
of RCPT TO, getting a response for each line sent.

> I'm not sure there is a way to make it work. It might simply not be supported.
>
> Here's my config. It seems to pass things around properly and allow me
> to send "Auth-Status OK" or "Auth-Status Denied" and properly allow or
> deny the message. But it doesn't expand the recipient list.

For the SMTP server, there is no recipient list to expand.

(At least, in the context you refer to here.)

> I examined $_SERVER in PHP:
>
> [HTTP_AUTH_SMTP_FROM] => MAIL FROM:<from@address.com> SIZE=418
> [HTTP_AUTH_SMTP_TO] => RCPT TO:<destination@address.com>
> ORCPT=rfc822;destination@address.com

Do you want *that* address to be delivered to? If so, "Auth-Status: OK".

After you do that, you should get another request for the next address
(I think).

> I was looking around to see if the body of the message or headers came
> in via stdin, but I can't find much documentation about the SMTP
> proxy. Also, I'm not sure ultimately it would help me, as I would have
> to somehow "ignore" the recipients that aren't allowed (which could be
> any combination, maybe only one is okay, maybe all are okay, maybe 3
> out of 5 are okay, etc)

Send the Auth-Status that you want, for each RCPT TO address that you
are given.

See what breaks.

> I guess at this point my question is ... any ideas?

What do your logs or "tcpdump" output say happens?

What do you want to happen instead?

Good luck with it,

f
--
Francis Daly francis@daoine.org

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Trying to use SMTP proxy, but there might be limitations?	mike	September 20, 2015 08:26PM
Re: Trying to use SMTP proxy, but there might be limitations?	Francis Daly	September 21, 2015 07:52AM
Re: Trying to use SMTP proxy, but there might be limitations?	Maxim Dounin	September 21, 2015 09:46AM
Re: Trying to use SMTP proxy, but there might be limitations?	Francis Daly	September 21, 2015 05:56PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 139

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018