(sorry for the late response to this thread)
I would like to see hooks in the proxy that would allow somebody to build security features such as:
- per user concurrent connection limits
- per IP concurrent connection limits
- per user login rate limits
- per IP login rate limits
- IP access restrictions per user (looks like this is already possible)
- IP lockouts for brute force password crack attempts
The proxy is the right place for these features for us, but smaller sites might need these features in the main IMAP server.
Bill
On Thursday, February 23, 2006 11:24, Timo Sirainen said:
Do you see a use for an IMAP proxy where the proxy would be able to execute hooks which modify mail contents, such as transparent encrypting/decrypting mails, or maybe some virus-filtering? It would need at least some kind of IMAP command/reply parsing capabilities, so it might be able to do all kinds of other things.
Maybe one potential use case would be Cyrus Murder-like proxying to multiple IMAP servers to distribute the mailboxes. But that might be done better as an imap process plugin, or maybe as IMAP mail storage backend.
Anyway, the reason I'm asking this is because I was asked to add mail encryption/decryption capabilities to Dovecot's IMAP proxy, but I'm not sure what would be the best way to handle this. In any case it would be a plugin or a new binary which is executed instead of imap binary, but can I do it in a way that would actually be useful for Dovecot project in general?