Page Discussion History


Using nginx-embedded-perl module on the same server as the imap/pop proxy as the auth backend

Note: this solution will block entire nginx worker when reading user information from DB and therefore not recommended for real use.

  • Note2: This solution is being used at at ISP with 35000+ mailboxes for almost 2 years now fine. If you want shameful plug, the ISP is Worldsoft ([1] )

Start with the configuration from [NginxImapProxyExample] . For detail information about different configuration parameters, see the [NginxMailCoreModule] page.

Configure nginx with embedded perl and mail

./configure --with-http_perl_module --with-mail


user  nobody;
worker_processes  1;
error_log  logs/error.log  info;
pid        logs/nginx.pid;
events {
  worker_connections  1024;
  multi_accept on;
http {
  perl_modules  perl/lib;
  perl_require  mailauth.pm;
  server {
    location /auth {
      perl  mailauth::handler;
mail {
  pop3_capabilities  "TOP"  "USER";
  imap_capabilities  "IMAP4rev1"  "UIDPLUS";
  server {
    listen     110;
    protocol   pop3;
    proxy      on;
  server {
    listen     143;
    protocol   imap;
    proxy      on;

The ultrafast nginx based authentifier. nginx/perl/lib/mailauth.pm

package mailauth;
use nginx;
use DBI;
my $dsn="DBI:mysql:database=DBNAME;host=HOSTNAME";
our $dbh=DBI->connect_cached($dsn, 'dbusername', 'dbpass', {AutoCommit => 1});
our $sth=$dbh->prepare("select password,mail_server from mailaccounts where username=? limit 1");
our $auth_ok;
our $mail_server_ip={};
our $protocol_ports={};
sub handler {
  my $r = shift;
  my $hash=$sth->fetchrow_hashref();
  # assuming that the query results password and mail_server
  # assuming that the password is in crypt format
  if (crypt($r->header_in("Auth-Pass"), $hash->{'password'}) eq $r->header_in("Auth-Pass")){
  if ($auth_ok==1){
    $r->header_out("Auth-Status", "OK") ;
    $r->header_out("Auth-Server", $mail_server_ip->{$hash->{'mail_server'}});
    $r->header_out("Auth-Port", $protocol_ports->{$r->header_in("Auth-Protocol")});
  } else {
    $r->header_out("Auth-Status", "Invalid login or password") ;
  return OK;