Help on POP3 proxy setup

Marcelo_Souza · July 8, 2008, 9:49pm

Hi all,

I was just introduced to Nginx and I’m in trouble to setup it as a proxy
for my
POP3 servers.
I’m using a modified (test) version of the mailauth.pm to understand the
program
behavior, but it’s showing the following error message in log:

2008/07/08 15:25:17 [error] 69652#0: *7 auth http server 127.0.0.1:8080
did not
send server or port while in http auth state, client: 127.0.0.1, server:
0.0.0.0
:11000, login: “anyuser”

Connecting to the POP: localhost:11000 (test pop proxy with nginx),
gives:

-ERR internal server error

After valid user info.

Here are the mailauth.pm with hardcoded values, and the nginx.conf:

[mailauth.pm]
package mailauth;
use nginx;

sub handler {
my $r = shift;

        $r->header_out("Auth-Status", "OK") ;
        $r->header_out("Auth-Server", "myserver.domain.com" );
        $r->header_out("Auth-Port", "100");
        $r->send_http_header("text/html");
        return OK;

}
1;
END

-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-
[nginx.conf]

user nobody;
worker_processes 1;

error_log logs/error.log debug;

pid logs/nginx.pid;

events {
worker_connections 1024;
}

http {
perl_modules perl/lib;
perl_require mailauth.pm;

server {
listen 8080 ;
    location /auth {
        perl  mailauth::handler;
    }
}

}

mail {
auth_http 127.0.0.1:8080/auth;

pop3_capabilities  "TOP"  "USER";

server {
    listen     11000;
    protocol   pop3;
    proxy      on;
}

}

-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-

TIA,

Marcelo

Marcelo_Souza · July 9, 2008, 8:55am

On Tue, Jul 08, 2008 at 07:32:09PM +0000, Marcelo Souza wrote:

sub handler {
my $r = shift;

        $r->header_out("Auth-Status", "OK") ;
        $r->header_out("Auth-Server", "myserver.domain.com" );
        $r->header_out("Auth-Port", "100");
        $r->send_http_header("text/html");
        return OK;

}
1;
END

nginx does not understand DNS names in Auth-Server, only IPs.
I need to make the error message more clear.

Marcelo_Souza · July 9, 2008, 9:34am

On Wed, Jul 09, 2008 at 10:41:58AM +0400, Igor S. wrote:

use nginx;
1;
END

nginx does not understand DNS names in Auth-Server, only IPs.
I need to make the error message more clear.

No, error in this case will be ‘auth http server 127.0.0.1:8080 sent
invalid server address:“myserver.domain.com” while in http auth state’

Probably, you have changed mailauth.pm and have not reconfigure nginx:
it uses old compiled mailauth.pm.

Marcelo_Souza · July 9, 2008, 3:00pm

Igor,

On Wed, 9 Jul 2008, Igor S. wrote:

|On Wed, Jul 09, 2008 at 10:41:58AM +0400, Igor S. wrote:
|
|> On Tue, Jul 08, 2008 at 07:32:09PM +0000, Marcelo Souza wrote:
|>
|> > I was just introduced to Nginx and I’m in trouble to setup it as a proxy for my
|> > POP3 servers.
|> > I’m using a modified (test) version of the mailauth.pm to understand the program
|> > behavior, but it’s showing the following error message in log:
|> >
|> > 2008/07/08 15:25:17 [error] 69652#0: *7 auth http server 127.0.0.1:8080 did not
|> > send server or port while in http auth state, client: 127.0.0.1, server: 0.0.0.0
|> > :11000, login: “anyuser”
|> >
|> > Connecting to the POP: localhost:11000 (test pop proxy with nginx), gives:
|> >
|> > -ERR internal server error
|> >
|> > After valid user info.
|> >
|> > Here are the mailauth.pm with hardcoded values, and the nginx.conf:
|> >
|> > [mailauth.pm]
|> > package mailauth;
|> > use nginx;
|> >
|> > sub handler {
|> > my $r = shift;
|> >
|> > $r->header_out(“Auth-Status”, “OK”) ;
|> > $r->header_out(“Auth-Server”, “myserver.domain.com” );
|> > $r->header_out(“Auth-Port”, “100”);
|> > $r->send_http_header(“text/html”);
|> > return OK;
|> > }
|> > 1;
|> > END
|>
|> nginx does not understand DNS names in Auth-Server, only IPs.
|> I need to make the error message more clear.
|
|No, error in this case will be ‘auth http server 127.0.0.1:8080 sent
|invalid server address:“myserver.domain.com” while in http auth state’
|
|Probably, you have changed mailauth.pm and have not reconfigure nginx:
|it uses old compiled mailauth.pm.

It seems to be using the modified version. It’s copied to perl/lib
under nginx home, and I restarted the master. Whatelse should be done?
Can you send (or point) me a basic working authorization script?

thank you,

Marcelo Souza

Marcelo_Souza · July 9, 2008, 3:48pm

On Wed, Jul 09, 2008 at 09:49:03AM -0300, [email protected] wrote:

|> > I’m using a modified (test) version of the mailauth.pm to understand the program
|> > After valid user info.
|> > $r->header_out(“Auth-Status”, “OK”) ;
|
|No, error in this case will be ‘auth http server 127.0.0.1:8080 sent
|invalid server address:“myserver.domain.com” while in http auth state’
|
|Probably, you have changed mailauth.pm and have not reconfigure nginx:
|it uses old compiled mailauth.pm.

It seems to be using the modified version. It’s copied to perl/lib
under nginx home, and I restarted the master. Whatelse should be done?
Can you send (or point) me a basic working authorization script?

This is working prototype (I’ve tested it now), just set IP in
Auth-Server
header. If it still does not work, could you create debug log ?

Marcelo_Souza · July 14, 2008, 10:19pm

Hi Igor,

It’s working now, thank you.
Just two points:

kill -HUP does not work if I want to reload the modified
mailauth.pm module. Not a real problem, though.

Since it’s not doing any real authentication task (it’s passed
direct to the pop server) an wrong login/pass returns an “Internal
Server
error”, the connection is droped and holds the mailbox locked until the
popper server timeout.

Marcelo Souza

On Wed, 9 Jul 2008, Igor S. wrote:

|On Wed, Jul 09, 2008 at 09:49:03AM -0300, [email protected] wrote:
|
|> Igor,
|>
|> On Wed, 9 Jul 2008, Igor S. wrote:
|>
|> |On Wed, Jul 09, 2008 at 10:41:58AM +0400, Igor S. wrote:
|> |
|> |> On Tue, Jul 08, 2008 at 07:32:09PM +0000, Marcelo Souza wrote:
|> |>
|> |> > I was just introduced to Nginx and I’m in trouble to setup it as a proxy for my
|> |> > POP3 servers.
|> |> > I’m using a modified (test) version of the mailauth.pm to understand the program
|> |> > behavior, but it’s showing the following error message in log:
|> |> >
|> |> > 2008/07/08 15:25:17 [error] 69652#0: *7 auth http server 127.0.0.1:8080 did not
|> |> > send server or port while in http auth state, client: 127.0.0.1, server: 0.0.0.0
|> |> > :11000, login: “anyuser”
|> |> >
|> |> > Connecting to the POP: localhost:11000 (test pop proxy with nginx), gives:
|> |> >
|> |> > -ERR internal server error
|> |> >
|> |> > After valid user info.
|> |> >
|> |> > Here are the mailauth.pm with hardcoded values, and the nginx.conf:
|> |> >
|> |> > [mailauth.pm]
|> |> > package mailauth;
|> |> > use nginx;
|> |> >
|> |> > sub handler {
|> |> > my $r = shift;
|> |> >
|> |> > $r->header_out(“Auth-Status”, “OK”) ;
|> |> > $r->header_out(“Auth-Server”, “myserver.domain.com” );
|> |> > $r->header_out(“Auth-Port”, “100”);
|> |> > $r->send_http_header(“text/html”);
|> |> > return OK;
|> |> > }
|> |> > 1;
|> |> > END
|> |>
|> |> nginx does not understand DNS names in Auth-Server, only IPs.
|> |> I need to make the error message more clear.
|> |
|> |No, error in this case will be ‘auth http server 127.0.0.1:8080 sent
|> |invalid server address:“myserver.domain.com” while in http auth state’
|> |
|> |Probably, you have changed mailauth.pm and have not reconfigure nginx:
|> |it uses old compiled mailauth.pm.
|>
|> It seems to be using the modified version. It’s copied to perl/lib
|> under nginx home, and I restarted the master. Whatelse should be done?
|> Can you send (or point) me a basic working authorization script?
|
|This is working prototype (I’ve tested it now), just set IP in Auth-Server
|header. If it still does not work, could you create debug log ?
|
|
|–
|Igor S.
|Igor Sysoev
|

Marcelo