[Dovecot] "Dumb" proxying?
I'm a database noob, and it really seems like it would be overkill for my setup: I just want to proxy all connections from my DMZ to my internal mail server -- same internal server for all users. I used to use perdition for this set up, but am having issues getting it to play nicely with my new servers.
Can I bypass all of the SQL stuff and just have dovecot forward all POP/IMAP connections to a specific server? Or perhaps set up a wild card lookup in the database (preferably something serverless like sqlite) so that no matter the query, it'll return one server? I don't really want to add "database management" to my list of jobs I have to do, especially for ~1000 users, and when I don't handle user creation/deletion.
-- Dan Bongert dbongert@ssc.wisc.edu
Dan Bongert wrote:
> I'm a database noob, and it really seems like it would be overkill for my setup: I just want to proxy all connections from my DMZ to my internal mail server -- same internal server for all users. I used to use perdition for this set up, but am having issues getting it to play nicely with my new servers.
iptables?
Hi Dan,
you can set up a static/simple passdb. All you have to do is to return some extrafields for proxying.
We had a 'passdb checkpassword' and I simply set those environment variables in our checkpassword script (python).
import os

os.environ['proxy'] = 'Y'           # if there is a proxy field, proxying is enabled whatever the value is
os.environ['host'] = '192.168.0.1'  # the server to proxy the connection to
os.environ['EXTRA'] = 'proxy host'  # passdb checkpassword needs to know about the extra fields
os.environ['USER'] = user           # the user to use
os.environ['HOME'] = ''             # set on the 'host'
As you can see, you only have to enable proxying and set a destination host and all connections get forwarded 'dumb' ;).
Greets, Ruben Lang
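Added example (not part of the post above and not Dovecot's own code): a complete checkpassword script along the lines described, sending every login to the one host from the post. It assumes the checkpassword interface (credentials as user\0password\0 on fd 3, reply binary passed as argv[1]); MAX_INPUT and the function names are hypothetical, and the password is deliberately not checked here, on the assumption that the backend rejects bad logins when the proxied login reaches it.

```python
#!/usr/bin/env python3
"""Static 'dumb proxy' checkpassword script for Dovecot (added example)."""
import os
import sys

BACKEND_HOST = "192.168.0.1"  # internal server, value taken from the post
MAX_INPUT = 512               # hypothetical cap on the fd 3 payload


def parse_credentials(data: bytes):
    """Split the 'user\\0password\\0...' payload read from fd 3."""
    fields = data.split(b"\0")
    if len(fields) < 3:
        raise ValueError("truncated checkpassword input")
    user = fields[0].decode("utf-8")
    password = fields[1].decode("utf-8")
    # Refuse empty names and control characters before exporting anything.
    if not user or any(ord(c) < 0x20 or ord(c) == 0x7F for c in user):
        raise ValueError("invalid username")
    return user, password


def build_proxy_env(user, base_env):
    """Environment for the reply binary: the same backend for every user."""
    env = dict(base_env)
    env.update({
        "USER": user,
        "HOME": "",
        "proxy": "Y",           # presence of the field enables proxying
        "host": BACKEND_HOST,
        "EXTRA": "proxy host",  # names of the extra fields to pass on
    })
    return env


def main(argv):
    if len(argv) < 2:
        return 111              # no reply binary given: temporary failure
    try:
        with os.fdopen(3, "rb") as fd3:
            user, _password = parse_credentials(fd3.read(MAX_INPUT))
    except OSError:
        return 111
    except ValueError:
        return 1                # malformed input: authentication failure
    # No password check here; the backend authenticates the proxied login.
    os.execve(argv[1], argv[1:], build_proxy_env(user, os.environ))


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because this script accepts any password, the backend must be the only place a login can succeed, and the DMZ host should be allowed to reach nothing on the inside except that server's POP/IMAP ports.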
On Tue, 01 Apr 2008 16:45:07 -0500, Dan Bongert dbongert@ssc.wisc.edu wrote:
> I'm a database noob, and it really seems like it would be overkill for my setup: I just want to proxy all connections from my DMZ to my internal mail server -- same internal server for all users. I used to use perdition for this set up, but am having issues getting it to play nicely with my new servers.
Hi!
We are using stunnel for this purpose:
/usr/bin/stunnel -f -p /etc/stunnel/cert.pem -d externalIP:993 -s mail -g mail -r internalIP:143
Greetings
Robert Sander Senior Manager Information Systems Epigenomics AG Kleine Praesidentenstr. 1 10178 Berlin, Germany phone:+49-30-24345-0 fax:+49-30-24345-555 http://www.epigenomics.com robert.sander@epigenomics.com
participants (4)
- Dan Bongert
- Ed W
- it-dovecot@ml.epigenomics.com
- Ruben Lang