[Dovecot] MS Exchange IMAP Proxy

Timo Sirainen tss at iki.fi
Fri Dec 2 23:29:23 EET 2011


On 1.12.2011, at 6.03, Terry Carmen wrote:

>> On 30.11.2011, at 22.36, Terry Carmen wrote:
>> 
>>> Does Dovecot do any cleanup of the IMAP commands that would be useful in protecting Exchange (from this, http://www.cvedetails.com/cve/CVE-2007-0221/ for example), or am I barking up the wrong tree?
>> 
>> v2.1 with imapc backend can be used to do this. There's not really documentation for it beyond this mailing list though.
> 
> I'd be happy to give it a try.
> 
> I have an absolutely dead-simple setup. All it has to do is sit between the internet and the IMAP port on an Exchange server.
> 
> Any hints on how to set it up?


Without SSL it works like this:

mail_location = imapc:~/imapc
imapc_host = imap.elsewhere.com
imapc_port = 143

passdb {
  driver = imap
  args = host=imap.elsewhere.com
  default_fields = userdb_imapc_user=%u userdb_imapc_password=%w
}
userdb {
  driver = prefetch
}
mail_home = /home/tss

And about other IMAP proxies: Before login they provide almost comparable security to Dovecot, the main exception being that Dovecot don't by default allow all characters in username (auth_username_chars setting). Post-login all of the IMAP proxies are equivalent. But imapc backend isn't really a proxy, so it does more:

The imapc mainly gives protection for post-login commands, which the other proxies don't even attempt to sanitize in any way. But you probably trust your authorized users enough that they won't attempt to break into your mail server.. But then again, users might be running viruses and whatever other things that automate breaking into mail server without even knowing about it (but currently that's rather rare I think).


More information about the dovecot mailing list