Mail: max_errors directive.

Similarly to smtpd_hard_error_limit in Postfix and smtp_max_unknown_commands in Exim, specifies the number of errors after which the connection is closed.
2021-05-19 03:13:31 +03:00 · 2021-05-19 03:13:31 +03:00 · d326c76aae
commit d326c76aae
parent ac3cf225a5
3 changed files with 27 additions and 1 deletions
--- a/src/mail/ngx_mail.h
+++ b/src/mail/ngx_mail.h
@ -115,6 +115,8 @@ typedef struct {
    ngx_msec_t              timeout;
    ngx_msec_t              resolver_timeout;

+    ngx_uint_t              max_errors;
+
    ngx_str_t               server_name;

    u_char                 *file_name;
@ -231,6 +233,7 @@ typedef struct {
    ngx_uint_t              command;
    ngx_array_t             args;

+    ngx_uint_t              errors;
    ngx_uint_t              login_attempt;

    /* used to parse POP3/IMAP/SMTP command */
--- a/src/mail/ngx_mail_core_module.c
+++ b/src/mail/ngx_mail_core_module.c
@ -85,6 +85,13 @@ static ngx_command_t  ngx_mail_core_commands[] = {
      offsetof(ngx_mail_core_srv_conf_t, resolver_timeout),
      NULL },

+    { ngx_string("max_errors"),
+      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_num_slot,
+      NGX_MAIL_SRV_CONF_OFFSET,
+      offsetof(ngx_mail_core_srv_conf_t, max_errors),
+      NULL },
+
      ngx_null_command
 };

@ -163,6 +170,8 @@ ngx_mail_core_create_srv_conf(ngx_conf_t *cf)
    cscf->timeout = NGX_CONF_UNSET_MSEC;
    cscf->resolver_timeout = NGX_CONF_UNSET_MSEC;

+    cscf->max_errors = NGX_CONF_UNSET_UINT;
+
    cscf->resolver = NGX_CONF_UNSET_PTR;

    cscf->file_name = cf->conf_file->file.name.data;
@ -182,6 +191,7 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
    ngx_conf_merge_msec_value(conf->resolver_timeout, prev->resolver_timeout,
                              30000);

+    ngx_conf_merge_uint_value(conf->max_errors, prev->max_errors, 5);

    ngx_conf_merge_str_value(conf->server_name, prev->server_name, "");

--- a/src/mail/ngx_mail_handler.c
+++ b/src/mail/ngx_mail_handler.c
@ -874,7 +874,20 @@ ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
        return NGX_MAIL_PARSE_INVALID_COMMAND;
    }

-    if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
+    if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
+
+        s->errors++;
+
+        if (s->errors >= cscf->max_errors) {
+            ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                          "client sent too many invalid commands");
+            s->quit = 1;
+        }
+
+        return rc;
+    }
+
+    if (rc == NGX_IMAP_NEXT) {
        return rc;
    }