Mail config auth_http


#1

Hello

Is there a way to do the following

mail {

auth_http auth.$HTTP_DOMAIN/auth/pop?;
pop3_capabilities “TOP” “UIDL” “USER”;

server{
listen 995;
protocol pop3;
proxy on;

ssl on;
ssl_certificate /dir/to/ssl.crt;
ssl_certificate /dir/to/ssl.key;

server_name mypop.somedomain.com;
}

}

were $HTTP_DOMAIN is parsed front the user ?

Cheers


#2

Hello!

On Wed, Feb 18, 2009 at 12:11:36AM +0100, Nginx L. wrote:

listen 995;

}

were $HTTP_DOMAIN is parsed front the user ?

No, auth_http doesn’t support variables (and there are no plans).
You may try something like this though:

http {

server {
listen 127.0.0.1:8080;

location = /auth/proxy {
set $domain “default”;

        if ($http_auth_user ~ "@(.*)$") {
            set $domain $1;
        }

        # note: requires resolver defined or
        # upstream{} blocks for each possible hostname

        proxy_pass http://auth.$domain/auth/pop;
    }
}

}

mail {
auth_http 127.0.0.1:8080/auth/proxy;

}

This will effectively introduce proxy authentication service
within nginx http module (at the cost of some extra sockets used).

BTW, in general the above method (delegating dirty work to http
module) is recommended one if you want something non-trivial.
E.g. auth backend load balancing and failover can be done easily this
way.

Maxim D.