How to control access for specific IP-addresses of clients when using as mail proxy


I am running nginx 1.0.8 for mail proxy , and I would like to add access
control feature(by IP address) to this proxy.
For HTTP, there is http access module for this purpose, however mail
module doesn’t seem to have this feature.
Do someone know how to implement this feature?

I found ngx_tcpwrapper on ,
but unfortunately this is also only for HTTP.

Thanks and Regards,

Posted at Nginx Forum:,216892,216892#msg-216892

I have added this feature in my nginx_tcp_proxy_module. You can do it as

2011/10/19 mikiso [email protected]

Thank you very much.
I’ll refer to these codes and add something like mail access module
to the mail core module.

姚伟斌 Wrote:

I have added this feature in my
nginx_tcp_proxy_module. You can do it as a

Posted at Nginx Forum:,216892,216944#msg-216944

Finally I wrote mail access module with reference to the source code of
http access module and
Evan M.'s guide to Nginx module development because we need this
feature for only pop3 proxy.

And I noticed I don’t understand how my module to be called before the
pop3 handler.
From the guide it is important the order of the modules, however it
doesn’t mention granular control
for request/connection handling.

So I’d like to know how to call this handler before the pop3 handler and
how the ngx_mail_pop3_init_session is
called after “epoll_process_event”.

Do I need to register connection handler or do I need to implement tcp
based source code as he does?


Posted at Nginx Forum:,216892,216979#msg-216979

I noticed that HTTP request will be processed according to the
ngx_http_phases and
mail core module doesn’t have the same mechanism.

So it seems I have to refer to his code if I don’t want to modify the
core code…

Posted at Nginx Forum:,216892,216989#msg-216989