[Dovecot] Thinking Outside the Box - Extending IMAP

Eric Rostetter rostetter at mail.utexas.edu
Mon May 14 19:39:53 EEST 2007


Quoting andy.shellam-lists at mailnetwork.co.uk:

> I disagree about SSH.

Good for you.

> Firstly, how do virtual users fit into your proposed setup?

You can set up an ssh tunnel on the server on any port.  The user then
sets up to connect to that port.  The authentication can be done any way
you want, or not at all.  We're not talking ssh logins to the server,
we're talking ssh tunneling.

> Secondly, as a service provider to the general public, the absolute LAST
> thing I want to be doing is opening up SSH access to my servers.

Why?  An SSH tunnel can be useful, and can increase rather than decrease
your security.

Now, if you meant logins, that would be a different story.

> Mark has a valid point in that you have to connect to the server via IMAP to
> get your mail, why should you have to have a second protocol to do other
> things with the same mailbox?

Because some of these things may not involve the same mailbox?  And because
it makes for several smaller code bases which are then easier to secure,
audit, debug, etc. (instead of one massive code base that is harder to
secure, audit, debug, etc).  And because then the authors only need to know
and understand one protocol, instead of trying to know and understand any
number of protocols that they may not use, have any interest in, etc.
And so that those who only want 1 protocol can install only that protocol,
and not have to worry about all the others?  And, well, you should get
the idea by now.

> And why worry about a whole second set of
> authentication when you've got a pre-authenticated connection ready and
> waiting?

That was what the SSH connection was about I think.

> I agree it's not portable, and not ideal (ie. look at M$ Exchange's handling
> of custom server features), but Timo's suggestion of using the METADATA
> extension may strike the ideal balance between an extensible feature and the
> IMAP standard.

Yes, but it only would handle some situations (maybe whitelist/blacklist)
and not others (like SMTP) so it isn't what the original question was
about really.

> Andy.

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!

