id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 1899 Enhance mail module with access control like ngx_http_access_module module weishen@… "We are running nginx as the mail proxy, but there are lots of invalid authentiations every day. We have got some ips to block, but found the mail module lacks deny/allow directives as ngx_http_access_module, so please add the feature. By the way, we have tried the stream module as a proxy to mail block. {{{ worker_processes 8; user root; events { use epoll; worker_connections 10240; } pid /opt/work/log/nginx_pop.pid; error_log /opt/work/log/error_pop.log error; mail { auth_http 127.0.0.1:8080/auth; timeout 5000; proxy on; xclient on; server { listen 127.0.0.1:1100; protocol pop3; } } stream { # deny IP include includes/deny_ip.conf; upstream @pop_up { server 127.0.0.1:1100; } # POP # ============================= server { listen 110; proxy_pass @pop_up; #proxy_pass 127.0.0.1:1100; } } }}} This method will not set the correct Client-IP header for the auth_http, all is 127.0.0.1, it impacts our analysis from the malicious flow. " enhancement closed major nginx-module 1.16.x wontfix "nginx version: nginx/1.16.1 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) built with OpenSSL 1.0.1e 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/opt/apps_install/nginx-1.16.1 --with-stream --with-stream_realip_module --with-mail --with-mail_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-ld-opt=-Wl,-rpath,/opt/nginx-1.16.1/lua/lib --add-module=../nginx-upload-progress-module --add-module=../ngx_cache_purge-2.3 --add-module=../headers-more-nginx-module --add-module=../nginx_upstream_check_module --with-openssl=../openssl-1.0.1e --with-zlib=../zlib-1.2.3 --add-module=../lua-nginx-module"