http://wiki.nginx.org/index.php?title=ImapAuthenticateWithEmbeddedPerlScript&feed=atom&action=history
ImapAuthenticateWithEmbeddedPerlScript - Revision history
2013-06-20T06:28:25Z
Revision history for this page on the wiki
MediaWiki 1.19.0
http://wiki.nginx.org/index.php?title=ImapAuthenticateWithEmbeddedPerlScript&diff=179&oldid=prev
MichaelLustfield: moved NginxImapAuthenticateWithEmbeddedPerlScript to ImapAuthenticateWithEmbeddedPerlScript: Removing Nginx prefix from page titles
2010-09-22T19:28:23Z
<p>moved <a href="/NginxImapAuthenticateWithEmbeddedPerlScript" class="mw-redirect" title="NginxImapAuthenticateWithEmbeddedPerlScript">NginxImapAuthenticateWithEmbeddedPerlScript</a> to <a href="/ImapAuthenticateWithEmbeddedPerlScript" title="ImapAuthenticateWithEmbeddedPerlScript">ImapAuthenticateWithEmbeddedPerlScript</a>: Removing Nginx prefix from page titles</p>
<p><b>New page</b></p><div>== Using nginx-embedded-perl module on the same server as the imap/pop proxy as the auth backend ==<br />
<br />
Note: this solution will block entire nginx worker when reading user information from DB and therefore not recommended for real use.<br />
<br />
* Note2: This solution is being used at at ISP with 35000+ mailboxes for almost 2 years now fine. If you want shameful plug, the ISP is Worldsoft ([http://worldsoft.info] )<br />
<br />
Start with the configuration from [NginxImapProxyExample] . For detail information about different configuration parameters, see the [NginxMailCoreModule] page.<br />
<br />
Configure nginx with embedded perl and mail<br />
<pre><br />
./configure --with-http_perl_module --with-mail<br />
</pre><br />
<br />
nginx/conf/nginx.conf<br />
<br />
<geshi lang="nginx"><br />
user nobody;<br />
worker_processes 1;<br />
error_log logs/error.log info;<br />
pid logs/nginx.pid;<br />
<br />
events {<br />
worker_connections 1024;<br />
multi_accept on;<br />
}<br />
<br />
http {<br />
perl_modules perl/lib;<br />
perl_require mailauth.pm;<br />
<br />
server {<br />
location /auth {<br />
perl mailauth::handler;<br />
}<br />
}<br />
}<br />
<br />
mail {<br />
auth_http 127.0.0.1:80/auth;<br />
<br />
pop3_capabilities "TOP" "USER";<br />
imap_capabilities "IMAP4rev1" "UIDPLUS";<br />
<br />
server {<br />
listen 110;<br />
protocol pop3;<br />
proxy on;<br />
}<br />
<br />
server {<br />
listen 143;<br />
protocol imap;<br />
proxy on;<br />
}<br />
}<br />
<br />
</geshi><br />
<br />
The ultrafast nginx based authentifier.<br />
nginx/perl/lib/mailauth.pm<br />
<br />
<geshi lang="perl"><br />
<br />
package mailauth;<br />
use nginx;<br />
use DBI;<br />
my $dsn="DBI:mysql:database=DBNAME;host=HOSTNAME";<br />
our $dbh=DBI->connect_cached($dsn, 'dbusername', 'dbpass', {AutoCommit => 1});<br />
our $sth=$dbh->prepare("select password,mail_server from mailaccounts where username=? limit 1");<br />
<br />
our $auth_ok;<br />
our $mail_server_ip={};<br />
our $protocol_ports={};<br />
$mail_server_ip->{'mailhost01'}="192.168.1.22";<br />
$mail_server_ip->{'mailhost02'}="192.168.1.33";<br />
$protocol_ports->{'pop3'}=110;<br />
$protocol_ports->{'imap'}=143;<br />
<br />
sub handler {<br />
my $r = shift;<br />
$auth_ok=0;<br />
<br />
$sth->execute($r->header_in("Auth-User"));<br />
my $hash=$sth->fetchrow_hashref();<br />
# assuming that the query results password and mail_server<br />
# assuming that the password is in crypt format<br />
<br />
if (crypt($r->header_in("Auth-Pass"), $hash->{'password'}) eq $r->header_in("Auth-Pass")){<br />
$auth_ok=1;<br />
}<br />
if ($auth_ok==1){<br />
$r->header_out("Auth-Status", "OK") ;<br />
$r->header_out("Auth-Server", $mail_server_ip->{$hash->{'mail_server'}});<br />
$r->header_out("Auth-Port", $protocol_ports->{$r->header_in("Auth-Protocol")});<br />
} else {<br />
$r->header_out("Auth-Status", "Invalid login or password") ;<br />
}<br />
<br />
$r->send_http_header("text/html");<br />
<br />
return OK;<br />
}<br />
<br />
1;<br />
__END__<br />
<br />
</geshi></div>
MichaelLustfield