Problems with PHP authentication imap/smtp proxy

Detlef_R · April 13, 2014, 9:26pm

I managed to write my php auth script but still having problems
authenticating.
Also this is what I see in the logs:
[error] 22014#0: *3234 recv() failed (111: Connection refused) while in
http
auth state, client: back.end.ip server: 0.0.0.0:993, login:
“[email protected]”

Also do I call this script with the following auth_http line? I never
see
anything listening on 9000. Where is this 9000 coming from? I just see
everyone using it:

auth_http 127.0.0.1:9000/mail/auth.php;

auth.php

<?php $db = new PDO('mysql:host=back.end.ip;dbname=server;charset=utf8', 'user', 'password'); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); if (!isset($_SERVER["HTTP_AUTH_USER"] ) || !isset($_SERVER["HTTP_AUTH_PASS"] )) { fail(); } $username = $_SERVER["HTTP_AUTH_USER"] ; $userpass = $_SERVER["HTTP_AUTH_PASS"] ; $protocol = $_SERVER["HTTP_AUTH_PROTOCOL"] ; $backend_port = ""; if ($protocol == "imap") { $backend_port = 993; } if ($protocol == "smtp") { $backend_port = 25; } // nginx likes ip address so if your // application gives back hostname, convert it to ip address here $backend_ip = "back.end.ip"; // Authenticate the user or fail if (!authuser($username,$userpass)) { fail(); exit; } // Get the server for this user if we have reached so far $userserver = getmailserver($username); // Get the ip address of the server // We are assuming that your backend returns hostname // We try to get the ip else return what we got back $server_ip = (isset($backend_ip[$userserver]))?$backend_ip[$userserver] :$userserver; // Pass! pass($server_ip, $backend_port); //END function authuser($user,$pass) { global $db; $stmt = $db->prepare("SELECT password FROM users WHERE email=:email LIMIT 1"); $stmt->bindValue(':email',$username,PDO::PARAM_STR); $stmt->execute(); $dbpass = $stmt->fetchColumn(); return ($dbpass === $pass); } function getmailserver($user) { return $backend_ip; } } function fail(){ header("Auth-Status: Invalid login or password"); exit; } function pass($server,$port) { header("Auth-Status: OK"); header("Auth-Server: $server"); header("Auth-Port: $port"); exit; } ?>

========================================================
nginx.conf (my http section is fine as I use it for my backend apache)

mail {
server_name mx1.domain.com;
#auth_http unix:/path/socket:/cgi-bin/auth;
auth_http 127.0.0.1:9000/mail/auth.php;

proxy on;

ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 SSLv3;
ssl_ciphers HIGH:!ADH:!MD5:@STRENGTH;
ssl_session_cache shared:TLSSL:16m;
ssl_session_timeout 10m;
ssl_certificate ssl/ug-mail.crt;
ssl_certificate_key ssl/private/ug-mail.key;

imap_capabilities “IMAP4rev1 UIDPLUS”;
smtp_capabilities “PIPELINING 8BITMIME DSN”;

smtp_auth plain login;

imap_auth plain login;

server {
listen 25;
protocol smtp;
timeout 120000;
}

server {
listen 8825;
protocol smtp;
starttls on;
}

server {
listen 993;
protocol imap;
ssl on;
}
}

Posted at Nginx Forum:

cybermass · April 14, 2014, 1:06pm

Hello!

On Sun, Apr 13, 2014 at 03:25:35PM -0400, cybermass wrote:

auth_http 127.0.0.1:9000/mail/auth.php;

It’s just a random port number, which is expected to be used by
a HTTP server which is capable of running your auth script.

–
Maxim D.
http://nginx.org/

cybermass · April 14, 2014, 7:47pm

Im still not able to call this script. Is there something I need to
define in the http { section for php? I have not done that. I tried
adding another server { block inside the http block to listen to
127.0.0.1:9000 but still cant call my php script. nginx does not know
how to use php. I do have php5-fpm installed and running. Any help would
be appreciated. I just need to be able to use my auth.php with
auth_http. Thanks.