[Dovecot] proxy host specified as fqdn in userdb
Abstract from http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
host=s: The destination server's *IP address*. This field is required. Note that currently it's required to use an IP address since no DNS resolving is done.
Hello Timo, Here goes one more item for the v2.0 wishlist: Will it become possible to do dovecot imap proxying based on a "host" userdb attribute that is an FQDN (instead of a numeric IP as it is now)? It would simplify things for large smtp clusters that already do LDAP mail routing, based on per user "mailHost" attribute containing mail server FQDNs (according to "IETF Internet Draft LDAP Schema for Intranet Mail Routing", http://www.sendmail.org/m4/laser.txt). It is kinda redundant to keep an extra LDAP attribute for "host" that contains essentially the same information as "mailHost" attribute, but in numeric form.
I know the proposed change is not that important for many people, so don't really bother unless it is trivial to implement.
apap
On Tue, 2007-03-27 at 00:56 +0300, Apostolos Papayanakis wrote:
Abstract from http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
host=s: The destination server's *IP address*. This field is required. Note that currently it's required to use an IP address since no DNS resolving is done.
Hello Timo, Here goes one more item for the v2.0 wishlist: Will it become possible to do dovecot imap proxying based on a "host" userdb attribute that is an FQDN (instead of a numeric IP as it is now)?
The problem with this is that it would require adding asynchronous DNS library to Dovecot, or alternatively hoping that your DNS server is never down (and hanging when it is). I don't really want to implement the latter, and adding async DNS library just for proxying which is used by very few people seems a bit bloaty.
Timo Sirainen wrote:
On Tue, 2007-03-27 at 00:56 +0300, Apostolos Papayanakis wrote:
Abstract from http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
host=s: The destination server's *IP address*. This field is required. Note that currently it's required to use an IP address since no DNS resolving is done.
Hello Timo, Here goes one more item for the v2.0 wishlist: Will it become possible to do dovecot imap proxying based on a "host" userdb attribute that is an FQDN (instead of a numeric IP as it is now)?
The problem with this is that it would require adding asynchronous DNS library to Dovecot, or alternatively hoping that your DNS server is never down (and hanging when it is). I don't really want to implement the latter, and adding async DNS library just for proxying which is used by very few people seems a bit bloaty.
Thanks for the immediate answer! I had hoped that it would be ok for the proxy dovecot process to block on DNS, but it seems that this is not the case. I will now happily go ahead and create a "host" attribute containing the IP of the proxied servers as suggested.
apap
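An illustration of the approach settled on in the messages above, added here and not code from the thread or from Dovecot: a batch job resolves each user's "mailHost" FQDN to an IP ahead of time, under one overall deadline, so the login path never waits on DNS. The function names, the cache of last known addresses, and the sample users and addresses are assumptions constructed for the example.

```python
import ipaddress
import socket
import time
from concurrent.futures import ThreadPoolExecutor, wait

def resolve_ipv4(fqdn):
    """Blocking system lookup: first IPv4 address for fqdn."""
    return socket.getaddrinfo(fqdn, None, socket.AF_INET)[0][4][0]

def build_host_fields(users, cache, resolver=resolve_ipv4, timeout=2.0):
    """users maps uid -> mailHost FQDN; cache maps FQDN -> last good IP.

    Returns (fields, stale): fields maps uid -> "host=<ip>", stale lists
    FQDNs that failed or timed out and were served from cache or skipped.
    """
    pool = ThreadPoolExecutor(max_workers=8)
    futures = {pool.submit(resolver, f): f for f in set(users.values())}
    done, pending = wait(futures, timeout=timeout)  # one deadline for all
    pool.shutdown(wait=False, cancel_futures=True)
    stale = [futures[f] for f in pending]
    for fut in done:
        fqdn = futures[fut]
        try:
            # Only a literal IP may be written, as the proxy field requires.
            cache[fqdn] = str(ipaddress.ip_address(fut.result()))
        except (OSError, ValueError):
            stale.append(fqdn)
    fields = {uid: "host=" + cache[f] for uid, f in users.items() if f in cache}
    return fields, sorted(stale)

# Constructed sample data: names and addresses are illustrative only.
SAMPLE_USERS = {"alice": "mbox1.example.org", "bob": "mbox2.example.org",
                "carol": "mbox3.example.org"}
SAMPLE_CACHE = {"mbox2.example.org": "192.0.2.20"}

def fake_resolver(fqdn):
    """Stand-in for DNS: one answer, one failure, one hang."""
    if fqdn == "mbox1.example.org":
        return "192.0.2.10"
    if fqdn == "mbox2.example.org":
        raise socket.gaierror("constructed resolver failure")
    time.sleep(1.0)  # simulates a DNS server that does not answer
    return "192.0.2.30"

if __name__ == "__main__":
    print(build_host_fields(SAMPLE_USERS, dict(SAMPLE_CACHE),
                            fake_resolver, timeout=0.2))
```

A user whose FQDN has neither a fresh answer nor a cached address gets no "host" value at all, and the FQDN is reported in the stale list for an operator to follow up.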
On Tue, Mar 27, 2007 at 01:03:54AM +0300, Timo Sirainen wrote:
On Tue, 2007-03-27 at 00:56 +0300, Apostolos Papayanakis wrote:
Abstract from http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
host=s: The destination server's *IP address*. This field is required. Note that currently it's required to use an IP address since no DNS resolving is done.
Hello Timo, Here goes one more item for the v2.0 wishlist: Will it become possible to do dovecot imap proxying based on a "host" userdb attribute that is an FQDN (instead of a numeric IP as it is now)?
The problem with this is that it would require adding asynchronous DNS library to Dovecot, or alternatively hoping that your DNS server is never down (and hanging when it is). I don't really want to implement the latter, and adding async DNS library just for proxying which is used by very few people seems a bit bloaty.
If we require SSL/TLS connections, are we not always "proxying" connections? if that is true, and most folks require SSL/TLS (is that not the case??), then wouldn't most folks then be used by lots of people?
--
Steven F. Siirila
Internet Services
Office of Information Technology
University of Minnesota
Office: Lind Hall, Room 130B
E-mail: sfs@umn.edu
Voice: (612) 626-0244
Fax: (612) 626-7593
On 27.3.2007, at 3.35, Steven F Siirila wrote:
The problem with this is that it would require adding asynchronous DNS library to Dovecot, or alternatively hoping that your DNS server is never down (and hanging when it is). I don't really want to implement the latter, and adding async DNS library just for proxying which is used by very few people seems a bit bloaty.
If we require SSL/TLS connections, are we not always "proxying" connections? if that is true, and most folks require SSL/TLS (is that not the case??), then wouldn't most folks then be used by lots of people?
And how many people are proxying SSL/TLS connections to different computers?
On Tue, Mar 27, 2007 at 11:28:54PM +0300, Timo Sirainen wrote:
On 27.3.2007, at 3.35, Steven F Siirila wrote:
The problem with this is that it would require adding asynchronous DNS library to Dovecot, or alternatively hoping that your DNS server is never down (and hanging when it is). I don't really want to implement the latter, and adding async DNS library just for proxying which is used by very few people seems a bit bloaty.
If we require SSL/TLS connections, are we not always "proxying" connections? if that is true, and most folks require SSL/TLS (is that not the case??), then wouldn't most folks then be used by lots of people?
Of course I meant "then wouldn't most folks be proxying?"
And how many people are proxying SSL/TLS connections to different computers?
I don't know about that, but what I'm asking is.. how many people are allowing IMAP/POP3 connections (with authentication via user/pw) over non-secure (non-SSL/TLS) connections? I wouldn't think there would be many nowadays, and that there would be less as time passes. If that assumption is true, then I would think proxying would be very common (at least within a host where the imap-login and imap processes are paired together doing SSL/TLS).
On Tue, 2007-03-27 at 17:27 -0500, Steven F Siirila wrote:
I don't know about that, but what I'm asking is.. how many people are allowing IMAP/POP3 connections (with authentication via user/pw) over non-secure (non-SSL/TLS) connections? I wouldn't think there would be many nowadays, and that there would be less as time passes. If that assumption is true, then I would think proxying would be very common (at least within a host where the imap-login and imap processes are paired together doing SSL/TLS).
Yes, but that was the point. When proxying within a host you don't need DNS resolving.
On Wed, Mar 28, 2007 at 01:58:34AM +0300, Timo Sirainen wrote:
On Tue, 2007-03-27 at 17:27 -0500, Steven F Siirila wrote:
I don't know about that, but what I'm asking is.. how many people are allowing IMAP/POP3 connections (with authentication via user/pw) over non-secure (non-SSL/TLS) connections? I wouldn't think there would be many nowadays, and that there would be less as time passes. If that assumption is true, then I would think proxying would be very common (at least within a host where the imap-login and imap processes are paired together doing SSL/TLS).
Yes, but that was the point. When proxying within a host you don't need DNS resolving.
My misunderstanding... That's what I get for skimming my e-mail! Sorry for the added noise. :)
participants (3)
- Apostolos Papayanakis
- Steven F Siirila
- Timo Sirainen