Detect IMAP server domain name in Dovecot IMAP proxy

Rick Romero admin at vfemail.net
Wed Oct 12 18:07:19 UTC 2016


Quoting KT Walrus <kevin at my.walr.us>:

> I’m in the process of setting up a Dovecot IMAP proxy to handle a number
> of IMAP server domains. At the current time, I have my users divided
> into 70 different groups of users (call them G1 to G70). I want each
> group to configure their email client to access their mailboxes at a
> domain name based on the group they belong to (e.g., g1.example.com
> <http://g1.example.com/>, g2.example.com <http://g2.example.com/>, …,
> g70.example.com <http://g70.example.com/>). I will only support TLS
> encrypted IMAP connections to the Dovecot IMAP proxy (‘ssl=yes’ in the
> inet_listener). My SSL cert has alternate names for all 70 group domain
> names.
>
> I want the group domain to only support users that have been assigned to
> the group the domain name represents. That is, a user assigned to G23
> would only be allowed to configure their email client for the IMAP
> server named g23.example.com <http://g23.example.com/>.
>
> My solution during testing has been to have the Dovecot IMAP proxy
> listen on different ports: 9930-9999. I plan to purchase 70 IPs, one for
> each group, and redirect traffic on port 993 to the appropriate Dovecot
> IMAP proxy port based on the IP I assign to the group domain name in the
> site’s DNS. The SQL for handling the IMAP login uses the port number of
> the inet_listener.
>
> I think this could work in production, but it will cost me extra to rent
> the 70 IPs and might be a pain to manage. Eventually, I would like to
> have over 5,000 groups so requiring an IP per group is less than ideal.
> I also think having Dovecot IMAP proxy have 5,000 inet_listeners might
> not work so well or might create too many threads/processes/ports to fit
> on a small proxy server.
>
> I would rather have 1 public IP for each Dovecot IMAP proxy and somehow
> communicate to the userdb which group domain name was configured in the
> email client so only the users assigned to this group can log in with
> that username.
>
> Anyone have any ideas?
>  

Do you have a SQL userdb?
Create a table or a 'host' field for the user.

user_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, \
    "89" AS uid, "89" AS gid, host, 'Y' AS proxy_maybe, \
    pw_dir AS home, pw_dir AS mail_home, \
    CONCAT('maildir:', pw_dir, '/Maildir/') AS mail_location \
  FROM vpopmail \
  WHERE pw_name = '%n' AND pw_domain = '%d'

(mine is based on qmail/vpopmail)

Then populate 'host' for each user if you don't have any other way of
programmatically determining the host.

Rick
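
The per-user 'host' field suggested above, modelled in SQLite as an added example that is not part of either post or of Dovecot itself. The rows are constructed, and the comparison against the domain the client connected to (connected_name, a hypothetical parameter) is an assumption about how the restriction in the question could be enforced; how the proxy learns that name is not covered by the thread.

```python
import sqlite3

def build_db():
    """In-memory table using the column names from the query in the post.
    All rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vpopmail "
               "(pw_name TEXT, pw_domain TEXT, pw_dir TEXT, host TEXT)")
    db.executemany("INSERT INTO vpopmail VALUES (?, ?, ?, ?)", [
        ("alice", "example.com", "/home/vpopmail/alice", "g1.example.com"),
        ("bob", "example.com", "/home/vpopmail/bob", "g23.example.com"),
        ("carol", "example.com", "/home/vpopmail/carol", None),  # host unset
    ])
    return db

def lookup(db, login, connected_name):
    """Return the fields the post's query selects, or None to refuse.

    connected_name (hypothetical parameter) is the group domain the client
    was configured with. The lookup fails closed: an unknown user, an
    unpopulated host, or a host that differs from connected_name all
    refuse the login.
    """
    name, sep, domain = login.partition("@")
    if not sep:
        return None
    # Bound parameters keep the login string out of the SQL text.
    row = db.execute(
        "SELECT pw_name || '@' || pw_domain, host, pw_dir FROM vpopmail "
        "WHERE pw_name = ? AND pw_domain = ?", (name, domain)).fetchone()
    if row is None:
        return None
    user, host, home = row
    wanted = connected_name.lower().rstrip(".")  # DNS names: case-insensitive
    if host is None or host.lower() != wanted:
        return None
    return {"user": user, "host": host, "proxy_maybe": "Y", "home": home,
            "mail_location": f"maildir:{home}/Maildir/"}

if __name__ == "__main__":
    db = build_db()
    print(lookup(db, "bob@example.com", "g23.example.com"))
    print(lookup(db, "bob@example.com", "g1.example.com"))
```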

