nginx.git/src/mail/ngx_mail_proxy_module.c, branch release-1.30.0 nginx Mail: xtext encoding (RFC 3461) in XCLIENT LOGIN. 2025-09-26T13:04:20+00:00 Sergey Kandaurov pluknet@nginx.com 2025-09-11T14:23:10+00:00 6f81314a070201afc4e25b975b1f915698cff634 The XCLIENT command uses xtext encoding for attribute values, as specified in https://www.postfix.org/XCLIENT_README.html. Reported by Igor Morgenstern of Aisle Research. 
The XCLIENT command uses xtext encoding for attribute values,
as specified in https://www.postfix.org/XCLIENT_README.html.

Reported by Igor Morgenstern of Aisle Research.
Mail: handling of LOGIN IMAP command untagged response. 2024-11-26T15:07:17+00:00 Sergey Kandaurov pluknet@nginx.com 2024-10-23T20:52:21+00:00 ce88b171236de50843dba2c427a8b3e42778f2ca In particular, an untagged CAPABILITY response as described in the interim RFC 3501 internet drafts was seen in various IMAP servers. Previously resulted in a broken connection, now an untagged response is proxied to client. 
In particular, an untagged CAPABILITY response as described in the
interim RFC 3501 internet drafts was seen in various IMAP servers.
Previously resulted in a broken connection, now an untagged response
is proxied to client.
Mail: fixed handling of blocked client read events in proxy. 2023-03-23T23:53:21+00:00 Maxim Dounin mdounin@mdounin.ru 2023-03-23T23:53:21+00:00 2ca4355bf02ab454d6f216dab142816a626d7547 When establishing a connection to the backend, nginx blocks reading from the client with ngx_mail_proxy_block_read(). Previously, such events were lost, and in some cases this resulted in connection hangs. Notably, this affected mail_imap_ssl.t on Windows, since the test closes connections after requesting authentication, but without waiting for any responses (so the connection close events might be lost). Fix is to post an event to read from the client after connecting to the backend if there were blocked events. 
When establishing a connection to the backend, nginx blocks reading
from the client with ngx_mail_proxy_block_read().  Previously, such
events were lost, and in some cases this resulted in connection hangs.

Notably, this affected mail_imap_ssl.t on Windows, since the test
closes connections after requesting authentication, but without
waiting for any responses (so the connection close events might be
lost).

Fix is to post an event to read from the client after connecting to
the backend if there were blocked events.
Increased maximum read PROXY protocol header size. 2022-11-02T09:46:16+00:00 Roman Arutyunyan arut@nginx.com 2022-11-02T09:46:16+00:00 7600ca028644d3ecc7e62499d71bbe21fe3bda0d Maximum size for reading the PROXY protocol header is increased to 4096 to accommodate a bigger number of TLVs, which are supported since cca4c8a715de. Maximum size for writing the PROXY protocol header is not changed since only version 1 is currently supported. 
Maximum size for reading the PROXY protocol header is increased to 4096 to
accommodate a bigger number of TLVs, which are supported since cca4c8a715de.

Maximum size for writing the PROXY protocol header is not changed since only
version 1 is currently supported.
Mail: IMAP pipelining support. 2021-05-19T00:13:28+00:00 Maxim Dounin mdounin@mdounin.ru 2021-05-19T00:13:28+00:00 5015209054f68141cd4f5f61e874d4497d4ef49c The change is mostly the same as the SMTP one (04e43d03e153 and 3f5d0af4e40a), and ensures that nginx is able to properly handle or reject multiple IMAP commands. The s->cmd field is not really used and set for consistency. Non-synchronizing literals handling in invalid/unknown commands is limited, so when a non-synchronizing literal is detected at the end of a discarded line, the connection is closed. 
The change is mostly the same as the SMTP one (04e43d03e153 and 3f5d0af4e40a),
and ensures that nginx is able to properly handle or reject multiple IMAP
commands.  The s->cmd field is not really used and set for consistency.

Non-synchronizing literals handling in invalid/unknown commands is limited,
so when a non-synchronizing literal is detected at the end of a discarded
line, the connection is closed.
Mail: POP3 pipelining support. 2021-05-19T00:13:18+00:00 Maxim Dounin mdounin@mdounin.ru 2021-05-19T00:13:18+00:00 d96d60d2e0a41a4e01163f7e5d1835e028f94b72 The change is mostly the same as the SMTP one (04e43d03e153 and 3f5d0af4e40a), and ensures that nginx is able to properly handle or reject multiple POP3 commands, as required by the PIPELINING capability (RFC 2449). The s->cmd field is not really used and set for consistency. 
The change is mostly the same as the SMTP one (04e43d03e153 and 3f5d0af4e40a),
and ensures that nginx is able to properly handle or reject multiple POP3
commands, as required by the PIPELINING capability (RFC 2449).  The s->cmd
field is not really used and set for consistency.
Mail: fixed SMTP pipelining to send the response immediately. 2021-05-19T00:13:12+00:00 Maxim Dounin mdounin@mdounin.ru 2021-05-19T00:13:12+00:00 60a5a6f0d37b2e10d8d4aab97b64f4048e99c99a Previously, if there were some pipelined SMTP data in the buffer when a proxied connection with the backend was established, nginx called ngx_mail_proxy_handler() to send these data, and not tried to send the response to the last command. In most cases, this response was later sent along with the response to the pipelined command, but if for some reason client decides to wait for the response before finishing the next command this might result in a connection hang. Fix is to always call ngx_mail_proxy_handler() to send the response, and additionally post an event to send the pipelined data if needed. 
Previously, if there were some pipelined SMTP data in the buffer when
a proxied connection with the backend was established, nginx called
ngx_mail_proxy_handler() to send these data, and not tried to send the
response to the last command.  In most cases, this response was later sent
along with the response to the pipelined command, but if for some reason
client decides to wait for the response before finishing the next command
this might result in a connection hang.

Fix is to always call ngx_mail_proxy_handler() to send the response, and
additionally post an event to send the pipelined data if needed.
Mail: sending of the PROXY protocol to backends. 2021-03-05T14:16:32+00:00 Maxim Dounin mdounin@mdounin.ru 2021-03-05T14:16:32+00:00 6538d93067c07d446826f3d9b9cb9a3a01df0d0b Activated with the "proxy_protocol" directive. Can be combined with "listen ... proxy_protocol;" and "set_real_ip_from ...;" to pass client address provided to nginx in the PROXY protocol header. 
Activated with the "proxy_protocol" directive.  Can be combined with
"listen ... proxy_protocol;" and "set_real_ip_from ...;" to pass
client address provided to nginx in the PROXY protocol header.
Mail: added missing event handling after reading data. 2021-03-05T14:16:17+00:00 Maxim Dounin mdounin@mdounin.ru 2021-03-05T14:16:17+00:00 065a1641b242538073e92065e20fd788203108ab If we need to be notified about further events, ngx_handle_read_event() needs to be called after a read event is processed. Without this, an event can be removed from the kernel and won't be reported again, notably when using oneshot event methods, such as eventport on Solaris. For consistency, existing ngx_handle_read_event() call removed from ngx_mail_read_command(), as this call only covers one of the code paths where ngx_mail_read_command() returns NGX_AGAIN. Instead, appropriate processing added to the callers, covering all code paths where NGX_AGAIN is returned. 
If we need to be notified about further events, ngx_handle_read_event()
needs to be called after a read event is processed.  Without this,
an event can be removed from the kernel and won't be reported again,
notably when using oneshot event methods, such as eventport on Solaris.

For consistency, existing ngx_handle_read_event() call removed from
ngx_mail_read_command(), as this call only covers one of the code paths
where ngx_mail_read_command() returns NGX_AGAIN.  Instead, appropriate
processing added to the callers, covering all code paths where NGX_AGAIN
is returned.
Mail: proxy_smtp_auth directive. 2020-10-03T18:04:57+00:00 Maxim Dounin mdounin@mdounin.ru 2020-10-03T18:04:57+00:00 1e92a0a4cef98902aed35d7b402a6a402951aba4 The proxy_smtp_auth directive instructs nginx to authenticate users on backend via the AUTH command (using the PLAIN SASL mechanism), similar to what is normally done for IMAP and POP3. If xclient is enabled along with proxy_smtp_auth, the XCLIENT command won't try to send the LOGIN parameter. 
The proxy_smtp_auth directive instructs nginx to authenticate users
on backend via the AUTH command (using the PLAIN SASL mechanism),
similar to what is normally done for IMAP and POP3.

If xclient is enabled along with proxy_smtp_auth, the XCLIENT command
won't try to send the LOGIN parameter.