| Commit message | Author | Age |
This is a recommended behavior by RFC 7301 and is useful
for mitigation of protocol confusion attacks [1].
For POP3 and IMAP protocols IANA-assigned ALPN IDs are used [2].
For the SMTP protocol "smtp" is used.
[1] https://alpaca-attack.com/
[2] https://www.iana.org/assignments/tls-extensiontype-values/

Similarly to smtpd_hard_error_limit in Postfix and smtp_max_unknown_commands
in Exim, specifies the number of errors after which the connection is closed.

The change is mostly the same as the SMTP one (04e43d03e153 and 3f5d0af4e40a),
and ensures that nginx is able to properly handle or reject multiple IMAP
commands. The s->cmd field is not really used and set for consistency.
Non-synchronizing literals handling in invalid/unknown commands is limited,
so when a non-synchronizing literal is detected at the end of a discarded
line, the connection is closed.

As discussed in the previous change, s->arg_start handling in the "done"
labels of ngx_mail_pop3_parse_command(), ngx_mail_imap_parse_command(),
and ngx_mail_smtp_parse_command() is wrong: s->arg_start cannot be
set there, as it is handled and cleared on all code paths where the
"done" labels are reached. The relevant code is dead and now removed.

Activated with the "proxy_protocol" directive. Can be combined with
"listen ... proxy_protocol;" and "set_real_ip_from ...;" to pass
client address provided to nginx in the PROXY protocol header.

When configured with the "set_real_ip_from", it can set client's IP
address as visible in logs to the one obtained via the PROXY protocol.

Activated with the "proxy_protocol" parameter of the "listen" directive.
Obtained information is passed to the auth_http script in Proxy-Protocol-Addr,
Proxy-Protocol-Port, Proxy-Protocol-Server-Addr, and Proxy-Protocol-Server-Port
headers.

Similarly to 40e8ce405859 in the stream module, this reduces the time
accept mutex is held. This also simplifies following changes to
introduce PROXY protocol support.

The proxy_smtp_auth directive instructs nginx to authenticate users
on backend via the AUTH command (using the PLAIN SASL mechanism),
similar to what is normally done for IMAP and POP3.
If xclient is enabled along with proxy_smtp_auth, the XCLIENT command
won't try to send the LOGIN parameter.

Previously only one address was used by the listen directive handler even if
host name resolved to multiple addresses. Now a separate listening socket is
created for each address.

The "rcvbuf" and "sndbuf" parameters are now supported by
the "listen" directive.

This is needed to allow TLS client certificate auth to work. With
ssl_verify_client configured, the auth daemon can choose to allow the
connection to proceed based on the certificate data.
This has been tested with Thunderbird for IMAP only. I've not yet found a
client that will do client certificate auth for POP3 or SMTP, and the method is
not really documented anywhere that I can find. That said, it's simple enough
that the way I've done it is probably right.

External structures are now identical regardless of mail SSL module
compiled in or not.

The IPV6_V6ONLY macro is now checked only while parsing appropriate flag
and when using the macro.
The ipv6only field in listen structures is always initialized to 1,
even if not supported on a given platform. This is expected to prevent
a module compiled without IPV6_V6ONLY from accidentally creating dual
sockets if loaded into main binary with proper IPV6_V6ONLY support.

The new type ngx_uint_t was supposed when formatting the line number.

It's properly aligned and can hold any supported sockaddr.

The "ssl_verify_client", "ssl_verify_depth", "ssl_client_certificate",
"ssl_trusted_certificate", and "ssl_crl" directives were introduced to control
SSL client certificate verification in the mail proxy module.
If there is a certificate, details of the certificate are passed to
the auth_http script configured via the Auth-SSL-Verify, Auth-SSL-Subject,
Auth-SSL-Issuer, Auth-SSL-Serial, and Auth-SSL-Fingerprint headers. If
the auth_http_pass_client_cert directive is set, the client certificate
in PEM format will be passed in the Auth-SSL-Cert header (urlencoded).
If there is no required certificate provided during an SSL handshake
or certificate verification fails, then a protocol-specific error is
returned after the SSL handshake and the connection is closed.
Based on previous work by Sven Peter, Franck Levionnois and Filipe Da Silva.

Basically, this does the following two changes (and corresponding
modifications of related code):
1. Does not reset the session buffer unless it has reached its end, and always
waits for LF to terminate the command (even if we detected an invalid command).
2. Records the command name to make it available for handlers (since now we
can't assume that the command starts from s->buffer->start).

There is a general consensus that this change results in better
consistency between different operating systems and differently
tuned operating systems.
Note: this changes the width and meaning of the ipv6only field
of the ngx_listening_t structure. 3rd party modules that create
their own listening sockets might need fixing.

The "so_keepalive" directive in mail module was deprecated.
Thanks to Vsevolod Stakhov for initial work.

patch by Maxim Dounin

AUTH LOGIN [base64 encoded user name]
patch by Maxim Dounin

patch by Maxim Dounin

*) no default ssl_certificate and ssl_certificate_key

patch by Maxim Dounin

patch by Maxim Dounin

*) rename imap to mail, sort pop3/imap functions
*) smtp auth support
*) pop3 starttls only
*) fix segfault if cram-md5 was used without apop