A mruby-nginx example of how to do an Auth Router for a Mail Proxy

mruby_nginx_mail_auth_router.rb

backend = ""
request = Nginx::Request.new
auth_user = request.headers_in["Auth-User"]
domain = auth_user.split(/@/).last

backend_zimbra_open = "http://opmailbox1:7072/service/extension/nginx-lookup"
backend_zimbra_network = "http://nemailbox1:7072/service/extension/nginx-lookup"

auth_headers = {
  "Auth-User" => request.headers_in["Auth-User"],
  "Auth-Method" => request.headers_in["Auth-Method"],
  "Auth-Pass" => request.headers_in["Auth-Pass"],
  "Auth-Protocol" => request.headers_in["Auth-Protocol"]
}

def get_port_from_protocol(protocol)
  protomap = {
    "pops" => '995',
    'imaps' => '993',
    'pop' => '110',
    'pop3' => '110',
    'imap' => '143'
 }
 protomap[protocol]
end


http = HttpRequest.new()
result_headers = Nginx::Headers_out.new
master_response = false

# Probamos con Zimbra Open
open_response = http.get(backend_zimbra_open, nil, auth_headers)
network_response = http.get(backend_zimbra_network, nil, auth_headers)

if open_response.headers['auth-status'] == "OK"
  master_response = open_response
elsif network_response.headers['auth-status'] == "OK"
  master_response = network_response
end

if master_response
  %w(Auth-Status Auth-Server Auth-Port Auth-Cache-Alias Auth-User).each do |k|
    result_headers[k] = master_response.headers[k.downcase]
  end
  Nginx.echo ''
else
 result_headers['Auth-Status'] = 'OK'
 result_headers['Auth-Server'] = '201.238.246.173'
 result_headers['Auth-Port'] = get_port_from_protocol(auth_headers['Auth-Protocol'])
 result_headers['Auth-Cache-Alias'] = 'TRUE'
 result_headers['Auth-User'] = auth_headers['Auth-User']
 Nginx.echo ''
end

nginx.conf

worker_processes  1;

events {
    worker_connections  1024;
    multi_accept on;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server_tokens off;

server {
	proxy_pass_header Server;
  listen       80;
  server_name  localhost;

	location /authmail {
	  mruby_content_handler '/etc/nginx/ruby_src/authmail.rb';
	}
}

mail {
  auth_http  http://localhost/authmail;
  pop3_capabilities  "TOP"  "USER";
  imap_capabilities  "IMAP4rev1"  "UIDPLUS";

  ssl_certificate /etc/nginx/ssl/server.crt;
  ssl_certificate_key /etc/nginx/ssl/server.key;
  ssl_session_timeout 5m;
  ssl_protocols SSLv2 SSLv3 TLSv1;
  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
  ssl_prefer_server_ciphers on;

  server {
    listen      143;
    protocol    imap;
    auth_http_header X-Auth-Port 143;
    auth_http_header User-Agent "Nginx IMAP4 proxy";
  }

  server {
    protocol    pop3;
    listen      110;
    starttls    on;
    pop3_auth   plain;
    auth_http_header X-Auth-Port 110;
    auth_http_header User-Agent "Nginx POP3 proxy";
  }

  server {
    protocol    imap;
    listen      993;
    ssl         on;
    auth_http_header X-Auth-Port 993;
    auth_http_header User-Agent "Nginx IMAPS proxy";
  }

  server {
    protocol    pop3;
    listen      995;
    ssl         on;
    pop3_auth   plain;
    auth_http_header X-Auth-Port 995;
    auth_http_header User-Agent "Nginx POP3S proxy";
  }

}