aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/mail/ngx_mail.h14
-rw-r--r--src/mail/ngx_mail_auth_http_module.c37
-rw-r--r--src/mail/ngx_mail_imap_module.c3
-rw-r--r--src/mail/ngx_mail_parse.c2
-rw-r--r--src/mail/ngx_mail_proxy_module.c109
-rw-r--r--src/mail/ngx_mail_smtp_handler.c153
-rw-r--r--src/mail/ngx_mail_smtp_module.c68
7 files changed, 330 insertions, 56 deletions
diff --git a/src/mail/ngx_mail.h b/src/mail/ngx_mail.h
index 03297e2b4..4052efea7 100644
--- a/src/mail/ngx_mail.h
+++ b/src/mail/ngx_mail.h
@@ -136,8 +136,12 @@ typedef enum {
ngx_smtp_auth_plain,
ngx_smtp_auth_cram_md5,
ngx_smtp_helo,
- ngx_smtp_noxclient,
- ngx_smtp_xclient
+ ngx_smtp_helo_xclient,
+ ngx_smtp_helo_from,
+ ngx_smtp_xclient,
+ ngx_smtp_xclient_from,
+ ngx_smtp_from,
+ ngx_smtp_to
} ngx_smtp_state_e;
@@ -173,7 +177,7 @@ typedef struct {
unsigned no_sync_literal:1;
unsigned starttls:1;
unsigned esmtp:1;
- unsigned auth_method:2;
+ unsigned auth_method:3;
unsigned auth_wait:1;
ngx_str_t login;
@@ -187,6 +191,8 @@ typedef struct {
ngx_str_t *addr_text;
ngx_str_t host;
ngx_str_t smtp_helo;
+ ngx_str_t smtp_from;
+ ngx_str_t smtp_to;
ngx_uint_t command;
ngx_array_t args;
@@ -256,12 +262,14 @@ typedef struct {
#define NGX_MAIL_AUTH_LOGIN 1
#define NGX_MAIL_AUTH_APOP 2
#define NGX_MAIL_AUTH_CRAM_MD5 3
+#define NGX_MAIL_AUTH_NONE 4
#define NGX_MAIL_AUTH_PLAIN_ENABLED 0x0002
#define NGX_MAIL_AUTH_LOGIN_ENABLED 0x0004
#define NGX_MAIL_AUTH_APOP_ENABLED 0x0008
#define NGX_MAIL_AUTH_CRAM_MD5_ENABLED 0x0010
+#define NGX_MAIL_AUTH_NONE_ENABLED 0x0020
#define NGX_MAIL_PARSE_INVALID_COMMAND 20
diff --git a/src/mail/ngx_mail_auth_http_module.c b/src/mail/ngx_mail_auth_http_module.c
index d92e2c303..dac7b6a7b 100644
--- a/src/mail/ngx_mail_auth_http_module.c
+++ b/src/mail/ngx_mail_auth_http_module.c
@@ -141,7 +141,8 @@ static ngx_str_t ngx_mail_auth_http_method[] = {
ngx_string("plain"),
ngx_string("plain"),
ngx_string("apop"),
- ngx_string("cram-md5")
+ ngx_string("cram-md5"),
+ ngx_string("none")
};
static ngx_str_t ngx_mail_smtp_errcode = ngx_string("535 5.7.0");
@@ -1165,6 +1166,10 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
+ sizeof(CRLF) - 1
+ sizeof("Client-IP: ") - 1 + s->connection->addr_text.len
+ sizeof(CRLF) - 1
+ + sizeof("Client-Host: ") - 1 + s->host.len + sizeof(CRLF) - 1
+ + sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len
+ + sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len
+ + sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len
+ ahcf->header.len
+ sizeof(CRLF) - 1;
@@ -1216,9 +1221,37 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
b->last = ngx_cpymem(b->last, "Client-IP: ", sizeof("Client-IP: ") - 1);
b->last = ngx_copy(b->last, s->connection->addr_text.data,
- s->connection->addr_text.len);
+ s->connection->addr_text.len);
*b->last++ = CR; *b->last++ = LF;
+ if (s->host.len) {
+ b->last = ngx_cpymem(b->last, "Client-Host: ",
+ sizeof("Client-Host: ") - 1);
+ b->last = ngx_copy(b->last, s->host.data, s->host.len);
+ *b->last++ = CR; *b->last++ = LF;
+ }
+
+ if (s->auth_method == NGX_MAIL_AUTH_NONE) {
+
+ /* HELO, MAIL FROM, and RCPT TO can't contain CRLF, no need to escape */
+
+ b->last = ngx_cpymem(b->last, "Auth-SMTP-Helo: ",
+ sizeof("Auth-SMTP-Helo: ") - 1);
+ b->last = ngx_copy(b->last, s->smtp_helo.data, s->smtp_helo.len);
+ *b->last++ = CR; *b->last++ = LF;
+
+ b->last = ngx_cpymem(b->last, "Auth-SMTP-From: ",
+ sizeof("Auth-SMTP-From: ") - 1);
+ b->last = ngx_copy(b->last, s->smtp_from.data, s->smtp_from.len);
+ *b->last++ = CR; *b->last++ = LF;
+
+ b->last = ngx_cpymem(b->last, "Auth-SMTP-To: ",
+ sizeof("Auth-SMTP-To: ") - 1);
+ b->last = ngx_copy(b->last, s->smtp_to.data, s->smtp_to.len);
+ *b->last++ = CR; *b->last++ = LF;
+
+ }
+
if (ahcf->header.len) {
b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len);
}
diff --git a/src/mail/ngx_mail_imap_module.c b/src/mail/ngx_mail_imap_module.c
index 2d72397eb..daf2a433f 100644
--- a/src/mail/ngx_mail_imap_module.c
+++ b/src/mail/ngx_mail_imap_module.c
@@ -36,7 +36,8 @@ static ngx_str_t ngx_mail_imap_auth_methods_names[] = {
ngx_string("AUTH=PLAIN"),
ngx_string("AUTH=LOGIN"),
ngx_null_string, /* APOP */
- ngx_string("AUTH=CRAM-MD5")
+ ngx_string("AUTH=CRAM-MD5"),
+ ngx_null_string /* NONE */
};
diff --git a/src/mail/ngx_mail_parse.c b/src/mail/ngx_mail_parse.c
index e558d2f48..a2d3f48ad 100644
--- a/src/mail/ngx_mail_parse.c
+++ b/src/mail/ngx_mail_parse.c
@@ -746,7 +746,7 @@ ngx_mail_smtp_parse_command(ngx_mail_session_t *s)
s->arg_end = p;
goto done;
default:
- if (s->args.nelts <= 2) {
+ if (s->args.nelts <= 10) {
state = sw_argument;
s->arg_start = p;
break;
diff --git a/src/mail/ngx_mail_proxy_module.c b/src/mail/ngx_mail_proxy_module.c
index f8757beb7..c92cbba55 100644
--- a/src/mail/ngx_mail_proxy_module.c
+++ b/src/mail/ngx_mail_proxy_module.c
@@ -104,7 +104,8 @@ ngx_module_t ngx_mail_proxy_module = {
};
-static u_char smtp_ok[] = "235 2.0.0 OK" CRLF;
+static u_char smtp_auth_ok[] = "235 2.0.0 OK" CRLF;
+static u_char smtp_ok[] = "250 2.0.0 OK" CRLF;
void
@@ -465,6 +466,7 @@ ngx_mail_proxy_smtp_handler(ngx_event_t *rev)
u_char *p;
ngx_int_t rc;
ngx_str_t line;
+ ngx_buf_t *b;
ngx_connection_t *c;
ngx_mail_session_t *s;
ngx_mail_proxy_conf_t *pcf;
@@ -520,11 +522,19 @@ ngx_mail_proxy_smtp_handler(ngx_event_t *rev)
p = ngx_cpymem(p, cscf->server_name.data, cscf->server_name.len);
*p++ = CR; *p = LF;
- s->mail_state = pcf->xclient ? ngx_smtp_helo: ngx_smtp_noxclient;
+ if (pcf->xclient) {
+ s->mail_state = ngx_smtp_helo_xclient;
+
+ } else if (s->auth_method == NGX_MAIL_AUTH_NONE) {
+ s->mail_state = ngx_smtp_helo_from;
+
+ } else {
+ s->mail_state = ngx_smtp_helo;
+ }
break;
- case ngx_smtp_helo:
+ case ngx_smtp_helo_xclient:
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
"mail proxy send xclient");
@@ -541,30 +551,76 @@ ngx_mail_proxy_smtp_handler(ngx_event_t *rev)
return;
}
- if (s->smtp_helo.len) {
- line.len = ngx_sprintf(line.data,
- "XCLIENT PROTO=%sSMTP HELO=%V ADDR=%V LOGIN=%V "
- "NAME=%V" CRLF,
- (s->esmtp ? "E" : ""), &s->smtp_helo,
- &s->connection->addr_text, &s->login, &s->host)
- - line.data;
- } else {
- line.len = ngx_sprintf(line.data,
- "XCLIENT PROTO=SMTP ADDR=%V LOGIN=%V NAME=%V" CRLF,
- &s->connection->addr_text, &s->login, &s->host)
- - line.data;
+ line.len = ngx_sprintf(line.data,
+ "XCLIENT PROTO=%sSMTP%s%V ADDR=%V%s%V NAME=%V" CRLF,
+ (s->esmtp ? "E" : ""),
+ (s->smtp_helo.len ? " HELO=" : ""), &s->smtp_helo,
+ &s->connection->addr_text,
+ (s->login.len ? " LOGIN=" : ""), &s->login, &s->host)
+ - line.data;
+
+ s->mail_state = (s->auth_method == NGX_MAIL_AUTH_NONE) ?
+ ngx_smtp_xclient_from : ngx_smtp_xclient;
+
+ break;
+
+ case ngx_smtp_helo_from:
+ case ngx_smtp_xclient_from:
+ ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
+ "mail proxy send mail from");
+
+ s->connection->log->action = "sending MAIL FROM to upstream";
+
+ line.len = s->smtp_from.len + sizeof(CRLF) - 1;
+ line.data = ngx_pnalloc(c->pool, line.len);
+ if (line.data == NULL) {
+ ngx_mail_proxy_internal_server_error(s);
+ return;
+ }
+
+ p = ngx_cpymem(line.data, s->smtp_from.data, s->smtp_from.len);
+ *p++ = CR; *p = LF;
+
+ s->mail_state = ngx_smtp_from;
+
+ break;
+
+ case ngx_smtp_from:
+ ngx_log_debug0(NGX_LOG_DEBUG_MAIL, rev->log, 0,
+ "mail proxy send rcpt to");
+
+ s->connection->log->action = "sending RCPT TO to upstream";
+
+ line.len = s->smtp_to.len + sizeof(CRLF) - 1;
+ line.data = ngx_pnalloc(c->pool, line.len);
+ if (line.data == NULL) {
+ ngx_mail_proxy_internal_server_error(s);
+ return;
}
- s->mail_state = ngx_smtp_xclient;
+ p = ngx_cpymem(line.data, s->smtp_to.data, s->smtp_to.len);
+ *p++ = CR; *p = LF;
+
+ s->mail_state = ngx_smtp_to;
+
break;
- case ngx_smtp_noxclient:
+ case ngx_smtp_helo:
case ngx_smtp_xclient:
+ case ngx_smtp_to:
+
+ b = s->proxy->buffer;
+
+ if (s->auth_method == NGX_MAIL_AUTH_NONE) {
+ ngx_memcpy(b->start, smtp_ok, sizeof(smtp_ok) - 1);
+ b->last = b->start + sizeof(smtp_ok) - 1;
- ngx_memcpy(s->proxy->buffer->start, smtp_ok, sizeof(smtp_ok) - 1);
+ } else {
+ ngx_memcpy(b->start, smtp_auth_ok, sizeof(smtp_auth_ok) - 1);
+ b->last = b->start + sizeof(smtp_auth_ok) - 1;
+ }
- s->proxy->buffer->pos = s->proxy->buffer->start;
- s->proxy->buffer->last = s->proxy->buffer->start + sizeof(smtp_ok) - 1;
+ b->pos = b->start;
s->connection->read->handler = ngx_mail_proxy_handler;
s->connection->write->handler = ngx_mail_proxy_handler;
@@ -704,18 +760,27 @@ ngx_mail_proxy_read_response(ngx_mail_session_t *s, ngx_uint_t state)
switch (state) {
case ngx_smtp_helo:
- case ngx_smtp_noxclient:
+ case ngx_smtp_helo_from:
+ case ngx_smtp_helo_xclient:
+ case ngx_smtp_from:
+ case ngx_smtp_to:
if (p[0] == '2' && p[1] == '5' && p[2] == '0') {
return NGX_OK;
}
break;
case ngx_smtp_start:
- case ngx_smtp_xclient:
if (p[0] == '2' && p[1] == '2' && p[2] == '0') {
return NGX_OK;
}
break;
+
+ case ngx_smtp_xclient:
+ case ngx_smtp_xclient_from:
+ if (p[0] == '2' && (p[1] == '2' || p[1] == '5') && p[2] == '0') {
+ return NGX_OK;
+ }
+ break;
}
break;
diff --git a/src/mail/ngx_mail_smtp_handler.c b/src/mail/ngx_mail_smtp_handler.c
index 722354aa9..1a89f1749 100644
--- a/src/mail/ngx_mail_smtp_handler.c
+++ b/src/mail/ngx_mail_smtp_handler.c
@@ -23,6 +23,8 @@ static ngx_int_t ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_starttls(ngx_mail_session_t *s,
ngx_connection_t *c);
+static ngx_int_t ngx_mail_smtp_rset(ngx_mail_session_t *s, ngx_connection_t *c);
+static ngx_int_t ngx_mail_smtp_rcpt(ngx_mail_session_t *s, ngx_connection_t *c);
static ngx_int_t ngx_mail_smtp_discard_command(ngx_mail_session_t *s,
ngx_connection_t *c, char *err);
@@ -41,6 +43,7 @@ static u_char smtp_invalid_pipelining[] =
"503 5.5.0 Improper use of SMTP command pipelining" CRLF;
static u_char smtp_invalid_argument[] = "501 5.5.4 Invalid argument" CRLF;
static u_char smtp_auth_required[] = "530 5.7.1 Authentication required" CRLF;
+static u_char smtp_bad_sequence[] = "503 5.5.1 Bad sequence of commands" CRLF;
static ngx_str_t smtp_unavailable = ngx_string("[UNAVAILABLE]");
@@ -417,8 +420,15 @@ ngx_mail_smtp_auth_state(ngx_event_t *rev)
rc = ngx_mail_smtp_mail(s, c);
break;
- case NGX_SMTP_NOOP:
+ case NGX_SMTP_RCPT:
+ rc = ngx_mail_smtp_rcpt(s, c);
+ break;
+
case NGX_SMTP_RSET:
+ rc = ngx_mail_smtp_rset(s, c);
+ break;
+
+ case NGX_SMTP_NOOP:
break;
case NGX_SMTP_STARTTLS:
@@ -513,6 +523,11 @@ ngx_mail_smtp_helo(ngx_mail_session_t *s, ngx_connection_t *c)
ngx_memcpy(s->smtp_helo.data, arg[0].data, arg[0].len);
+ s->smtp_from.len = 0;
+ s->smtp_from.data = NULL;
+ s->smtp_to.len = 0;
+ s->smtp_to.data = NULL;
+
sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
if (s->command == NGX_SMTP_HELO) {
@@ -618,10 +633,136 @@ ngx_mail_smtp_auth(ngx_mail_session_t *s, ngx_connection_t *c)
static ngx_int_t
ngx_mail_smtp_mail(ngx_mail_session_t *s, ngx_connection_t *c)
{
- ngx_mail_smtp_log_rejected_command(s, c, "client was rejected: \"%V\"");
+ u_char ch;
+ ngx_str_t l;
+ ngx_uint_t i;
+ ngx_mail_smtp_srv_conf_t *sscf;
+
+ sscf = ngx_mail_get_module_srv_conf(s, ngx_mail_smtp_module);
+
+ if (!(sscf->auth_methods & NGX_MAIL_AUTH_NONE_ENABLED)) {
+ ngx_mail_smtp_log_rejected_command(s, c, "client was rejected: \"%V\"");
+
+ s->out.len = sizeof(smtp_auth_required) - 1;
+ s->out.data = smtp_auth_required;
+
+ return NGX_OK;
+ }
+
+ /* auth none */
+
+ if (s->smtp_from.len) {
+ s->out.len = sizeof(smtp_bad_sequence) - 1;
+ s->out.data = smtp_bad_sequence;
+ return NGX_OK;
+ }
+
+ l.len = s->buffer->last - s->buffer->start;
+ l.data = s->buffer->start;
+
+ for (i = 0; i < l.len; i++) {
+ ch = l.data[i];
+
+ if (ch != CR && ch != LF) {
+ continue;
+ }
+
+ l.data[i] = ' ';
+ }
+
+ while (i) {
+ if (l.data[i - 1] != ' ') {
+ break;
+ }
+
+ i--;
+ }
+
+ l.len = i;
+
+ s->smtp_from.len = l.len;
+
+ s->smtp_from.data = ngx_pnalloc(c->pool, l.len);
+ if (s->smtp_from.data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(s->smtp_from.data, l.data, l.len);
+
+ ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "smtp mail from:\"%V\"", &s->smtp_from);
+
+ s->out.len = sizeof(smtp_ok) - 1;
+ s->out.data = smtp_ok;
- s->out.len = sizeof(smtp_auth_required) - 1;
- s->out.data = smtp_auth_required;
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_mail_smtp_rcpt(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ u_char ch;
+ ngx_str_t l;
+ ngx_uint_t i;
+
+ if (s->smtp_from.len == 0) {
+ s->out.len = sizeof(smtp_bad_sequence) - 1;
+ s->out.data = smtp_bad_sequence;
+ return NGX_OK;
+ }
+
+ l.len = s->buffer->last - s->buffer->start;
+ l.data = s->buffer->start;
+
+ for (i = 0; i < l.len; i++) {
+ ch = l.data[i];
+
+ if (ch != CR && ch != LF) {
+ continue;
+ }
+
+ l.data[i] = ' ';
+ }
+
+ while (i) {
+ if (l.data[i - 1] != ' ') {
+ break;
+ }
+
+ i--;
+ }
+
+ l.len = i;
+
+ s->smtp_to.len = l.len;
+
+ s->smtp_to.data = ngx_pnalloc(c->pool, l.len);
+ if (s->smtp_to.data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(s->smtp_to.data, l.data, l.len);
+
+ ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
+ "smtp rcpt to:\"%V\"", &s->smtp_to);
+
+ s->auth_method = NGX_MAIL_AUTH_NONE;
+
+ return NGX_DONE;
+}
+
+
+static ngx_int_t
+ngx_mail_smtp_rset(ngx_mail_session_t *s, ngx_connection_t *c)
+{
+ s->smtp_from.len = 0;
+ s->smtp_from.data = NULL;
+ s->smtp_to.len = 0;
+ s->smtp_to.data = NULL;
+
+ s->out.len = sizeof(smtp_ok) - 1;
+ s->out.data = smtp_ok;
return NGX_OK;
}
@@ -644,6 +785,10 @@ ngx_mail_smtp_starttls(ngx_mail_session_t *s, ngx_connection_t *c)
s->smtp_helo.len = 0;
s->smtp_helo.data = NULL;
+ s->smtp_from.len = 0;
+ s->smtp_from.data = NULL;
+ s->smtp_to.len = 0;
+ s->smtp_to.data = NULL;
c->read->handler = ngx_mail_starttls_handler;
return NGX_OK;
diff --git a/src/mail/ngx_mail_smtp_module.c b/src/mail/ngx_mail_smtp_module.c
index 92e9b06de..463bb6e0b 100644
--- a/src/mail/ngx_mail_smtp_module.c
+++ b/src/mail/ngx_mail_smtp_module.c
@@ -20,6 +20,7 @@ static ngx_conf_bitmask_t ngx_mail_smtp_auth_methods[] = {
{ ngx_string("plain"), NGX_MAIL_AUTH_PLAIN_ENABLED },
{ ngx_string("login"), NGX_MAIL_AUTH_LOGIN_ENABLED },
{ ngx_string("cram-md5"), NGX_MAIL_AUTH_CRAM_MD5_ENABLED },
+ { ngx_string("none"), NGX_MAIL_AUTH_NONE_ENABLED },
{ ngx_null_string, 0 }
};
@@ -28,7 +29,8 @@ static ngx_str_t ngx_mail_smtp_auth_methods_names[] = {
ngx_string("PLAIN"),
ngx_string("LOGIN"),
ngx_null_string, /* APOP */
- ngx_string("CRAM-MD5")
+ ngx_string("CRAM-MD5"),
+ ngx_null_string /* NONE */
};
@@ -136,10 +138,10 @@ ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_mail_smtp_srv_conf_t *prev = parent;
ngx_mail_smtp_srv_conf_t *conf = child;
- u_char *p, *auth;
+ u_char *p, *auth, *last;
size_t size;
ngx_str_t *c;
- ngx_uint_t i, m;
+ ngx_uint_t i, m, auth_enabled;
ngx_mail_core_srv_conf_t *cscf;
ngx_conf_merge_size_value(conf->client_buffer_size,
@@ -192,23 +194,29 @@ ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
conf->capabilities = prev->capabilities;
}
- size = sizeof("250-") - 1 + cscf->server_name.len + sizeof(CRLF) - 1
- + sizeof("250 AUTH") - 1 + sizeof(CRLF) - 1;
+ size = sizeof("250-") - 1 + cscf->server_name.len + sizeof(CRLF) - 1;
c = conf->capabilities.elts;
for (i = 0; i < conf->capabilities.nelts; i++) {
size += sizeof("250 ") - 1 + c[i].len + sizeof(CRLF) - 1;
}
+ auth_enabled = 0;
+
for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
m <<= 1, i++)
{
if (m & conf->auth_methods) {
size += 1 + ngx_mail_smtp_auth_methods_names[i].len;
+ auth_enabled = 1;
}
}
+ if (auth_enabled) {
+ size += sizeof("250 AUTH") - 1 + sizeof(CRLF) - 1;
+ }
+
p = ngx_pnalloc(cf->pool, size);
if (p == NULL) {
return NGX_CONF_ERROR;
@@ -217,11 +225,14 @@ ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
conf->capability.len = size;
conf->capability.data = p;
+ last = p;
+
*p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = '-';
p = ngx_cpymem(p, cscf->server_name.data, cscf->server_name.len);
*p++ = CR; *p++ = LF;
for (i = 0; i < conf->capabilities.nelts; i++) {
+ last = p;
*p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = '-';
p = ngx_cpymem(p, c[i].data, c[i].len);
*p++ = CR; *p++ = LF;
@@ -229,21 +240,28 @@ ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
auth = p;
- *p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = ' ';
- *p++ = 'A'; *p++ = 'U'; *p++ = 'T'; *p++ = 'H';
-
- for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
- m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
- m <<= 1, i++)
- {
- if (m & conf->auth_methods) {
- *p++ = ' ';
- p = ngx_cpymem(p, ngx_mail_smtp_auth_methods_names[i].data,
- ngx_mail_smtp_auth_methods_names[i].len);
+ if (auth_enabled) {
+ last = p;
+
+ *p++ = '2'; *p++ = '5'; *p++ = '0'; *p++ = ' ';
+ *p++ = 'A'; *p++ = 'U'; *p++ = 'T'; *p++ = 'H';
+
+ for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
+ m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
+ m <<= 1, i++)
+ {
+ if (m & conf->auth_methods) {
+ *p++ = ' ';
+ p = ngx_cpymem(p, ngx_mail_smtp_auth_methods_names[i].data,
+ ngx_mail_smtp_auth_methods_names[i].len);
+ }
}
- }
- *p++ = CR; *p = LF;
+ *p++ = CR; *p = LF;
+
+ } else {
+ last[3] = ' ';
+ }
size += sizeof("250 STARTTLS" CRLF) - 1;
@@ -255,14 +273,13 @@ ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
conf->starttls_capability.len = size;
conf->starttls_capability.data = p;
- p = ngx_cpymem(p, conf->capability.data,
- conf->capability.len);
+ p = ngx_cpymem(p, conf->capability.data, conf->capability.len);
p = ngx_cpymem(p, "250 STARTTLS" CRLF, sizeof("250 STARTTLS" CRLF) - 1);
*p++ = CR; *p = LF;
p = conf->starttls_capability.data
- + (auth - conf->capability.data) + 3;
+ + (last - conf->capability.data) + 3;
*p = '-';
size = (auth - conf->capability.data)
@@ -276,10 +293,15 @@ ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
conf->starttls_only_capability.len = size;
conf->starttls_only_capability.data = p;
- p = ngx_cpymem(p, conf->capability.data,
- auth - conf->capability.data);
+ p = ngx_cpymem(p, conf->capability.data, auth - conf->capability.data);
ngx_memcpy(p, "250 STARTTLS" CRLF, sizeof("250 STARTTLS" CRLF) - 1);
+ if (last < auth) {
+ p = conf->starttls_only_capability.data
+ + (last - conf->capability.data) + 3;
+ *p = '-';
+ }
+
return NGX_CONF_OK;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-18 07:33:12 +0000