diff --git a/core/admin/mailu/internal/nginx.py b/core/admin/mailu/internal/nginx.py
index ebd677d0..d236513d 100644
--- a/core/admin/mailu/internal/nginx.py
+++ b/core/admin/mailu/internal/nginx.py
@@ -91,20 +91,14 @@ def handle_authentication(headers):
 # Authenticated user
 elif method in ['plain', 'login']:
 is_valid_user = False
- # According to RFC2616 section 3.7.1 and PEP 3333, HTTP headers should
- # be ASCII and are generally considered ISO8859-1. However when passing
- # the password, nginx does not transcode the input UTF string, thus
- # we need to manually decode.
- raw_user_email = urllib.parse.unquote(headers["Auth-User"])
- raw_password = urllib.parse.unquote(headers["Auth-Pass"])
 user_email = 'invalid'
 password = 'invalid'
 try:
- user_email = raw_user_email.encode("iso8859-1").decode("utf8")
- password = raw_password.encode("iso8859-1").decode("utf8")
+ user_email = urllib.parse.unquote(headers["Auth-User"])
+ password = urllib.parse.unquote(headers["Auth-Pass"])
 ip = urllib.parse.unquote(headers["Client-Ip"])
 except:
- app.logger.warn(f'Received undecodable user/password from nginx: {raw_user_email!r}/{raw_password!r}')
+ app.logger.warn(f'Received undecodable user/password from nginx: {headers["Auth-User"]!r}/{headers["Auth-Pass"]!r}')
 else:
 try:
 user = models.User.query.get(user_email) if '@' in user_email else None
diff --git a/core/admin/mailu/internal/views/auth.py b/core/admin/mailu/internal/views/auth.py
index 4aa31407..3182188c 100644
--- a/core/admin/mailu/internal/views/auth.py
+++ b/core/admin/mailu/internal/views/auth.py
@@ -29,7 +29,6 @@ def nginx_authentication():
 response.headers['Auth-Status'] = status
 response.headers['Auth-Error-Code'] = code
 return response
- raw_password = urllib.parse.unquote(headers['Auth-Pass']) if 'Auth-Pass' in headers else ''
 headers = nginx.handle_authentication(flask.request.headers)
 response = flask.Response()
 for key, value in headers.items():
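Review bot: The `except:` below the two new `unquote` calls can now only be entered on a missing header, because `urllib.parse.unquote` defaults to `errors='replace'` and turns malformed percent-encoded UTF-8 into U+FFFD instead of raising, so the strict rejection the removed `.encode("iso8859-1").decode("utf8")` lines provided is lost and the "undecodable" warning no longer describes what happened. Worse, the new log line indexes `headers["Auth-User"]` and `headers["Auth-Pass"]` a second time inside the handler, so the one case that does reach it (an absent header) raises again from within the handler instead of being logged. If rejecting undecodable input is still intended, pass `errors='strict'` to both `unquote` calls and narrow the handler to `except (KeyError, UnicodeDecodeError) as exc:` with a message that reports `exc` and the user header only, since writing the raw `Auth-Pass` value into the warning log puts a cleartext credential in the logs. `handle_authentication` starts before and continues after this hunk.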
@@ -50,14 +49,8 @@ def nginx_authentication():
 if not is_port_25:
 utils.limiter.exempt_ip_from_ratelimits(client_ip)
 elif is_valid_user:
- password = None
- try:
- password = raw_password.encode("iso8859-1").decode("utf8")
- except:
- app.logger.warn(f'Received undecodable password for {username} from nginx: {raw_password!r}')
- utils.limiter.rate_limit_user(username, client_ip, password=None)
- else:
- utils.limiter.rate_limit_user(username, client_ip, password=password)
+ password = urllib.parse.unquote(headers['Auth-Pass']) if 'Auth-Pass' in headers else ''
+ utils.limiter.rate_limit_user(username, client_ip, password=password)
 elif not is_from_webmail:
 utils.limiter.rate_limit_ip(client_ip, username)
 return response
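Review bot: The added `password = ... if 'Auth-Pass' in headers else ''` reads `headers` after it has been rebound to the dict returned by `nginx.handle_authentication(flask.request.headers)` (context in the previous hunk), whereas the removed `raw_password` line read it before that rebind; unless that return value echoes an `Auth-Pass` key, which nothing in this diff shows, the condition is always false and every valid user is rate limited with `password=''`, which is neither the real password nor the old `password=None` fallback. Reading the request header explicitly removes the ambiguity: `password = urllib.parse.unquote(flask.request.headers['Auth-Pass']) if 'Auth-Pass' in flask.request.headers else ''`. Note also that a missing header now yields `''` rather than `None`, so `rate_limit_user` can no longer distinguish "no password supplied" from an empty one. `nginx_authentication` starts before and ends after this hunk.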