Hello!

On Thu, May 20, 2021 at 03:25:48AM -0400, mbrother wrote:

> I am a fan of nginx and I really like nginx mail proxy module. I'm having a
> problem between the authenticated account and the sender when using this
> module. For better understanding, please see my test below:
>
> root@nginx:~# telnet xx.xx.xx.xx 25
> Trying xx.xx.xx.xx ...
> Connected to xx.xx.xx.xx .
> Escape character is '^]'.
> 220 smtp.xxx.xxx ESMTP ready
> ehlo mail.example.com
> 250-smtp. xxx.xxx
> 250 AUTH LOGIN
> AUTH LOGIN
> 334 VXNlcm5hbWU6
> xxxxxxxxxxxxxxxxxxxxxxxxxx
> 334 UGFzc3dvcmQ6
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> 235 2.0.0 OK
> mail from: admin@gmail.com
> 250 OK <admin@gmail.com> Sender ok
> rcpt to: admin@gmail.com
> 250 OK <admin@gmail.com> Recipient ok
> data
> 354 Start mail input; end with <CRLF>.<CRLF>
> test
> test
> .
> 250 OK
> quit
> 221 Service closing transmission channel
> Connection closed by foreign host.
>
> As you have seen, after successful authentication, I can send email using
> any account and nginx skips checking if this account matches the previously
> authenticated account.

After successful authentication nginx establishes an opaque pipe
between the client and the backend server, and no longer controls
what the client does. It's up to the backend server to check if
the client is allowed to send relevant messages or not.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx