Do you see a use for an IMAP proxy where the proxy would be able to execute hooks which modify mail contents, such as transparent encrypting/decrypting mails, or maybe some virus-filtering? It would need at least some kind of IMAP command/reply parsing capabilities, so it might be able to do all kinds of other things. Maybe one potential use case would be Cyrus Murder-like proxying to multiple IMAP servers to distribute the mailboxes. But that might be done better as an imap process plugin, or maybe as IMAP mail storage backend. Anyway, the reason I'm asking this is because I was asked to add mail encryption/decryption capabilities to Dovecot's IMAP proxy, but I'm not sure what would be the best way to handle this. In any case it would be a plugin or a new binary which is executed instead of imap binary, but can I do it in a way that would actually be useful for Dovecot project in general?
On 2006-02-23 18:24:31 +0200, Timo Sirainen wrote:> Do you see a use for an IMAP proxy where the proxy would be able to > execute hooks which modify mail contents, such as transparent > encrypting/decrypting mails, or maybe some virus-filtering? It would > need at least some kind of IMAP command/reply parsing capabilities, so > it might be able to do all kinds of other things.err at least the virus scanning stuff should be handled in the MTA. In general i dont like any proxies that modify content for me. there are too many ways to get things wrong. but i like the idea of writing a basic imap client. ;) you could use that for a testsuite. :p *runs*> Maybe one potential use case would be Cyrus Murder-like proxying to > multiple IMAP servers to distribute the mailboxes. But that might be > done better as an imap process plugin, or maybe as IMAP mail storage > backend.load balancing proxy sounds more useful yeah.> Anyway, the reason I'm asking this is because I was asked to add mail > encryption/decryption capabilities to Dovecot's IMAP proxy, but I'm not > sure what would be the best way to handle this. In any case it would be > a plugin or a new binary which is executed instead of imap binary, but > can I do it in a way that would actually be useful for Dovecot project > in general?hmm i have heard about signing proxies at the MTA layer where the mta signs every mail of a user with a special signing only mail. i dont see how dovecot should be able to decrypt mails unless the passphrase of the private key and the password are the same. but that would mean storing the password during the session in memory. hmm i dont like that idea much. do you have more details on the general design they have in mind? just my 2 cents darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org
Timo Sirainen wrote:> Do you see a use for an IMAP proxy where the proxy would be able to > execute hooks which modify mail contents, such as transparent > encrypting/decrypting mails, or maybe some virus-filtering? It would > need at least some kind of IMAP command/reply parsing capabilities, so > it might be able to do all kinds of other things.Sounds interesting, but I'm MUCH more interested in full Shared Maildir support (complete with the ability to modify folder ACLs via normal IMAP clients like "Thunderbird)... -- Best regards, Charles
Hi, a nice feature is that dovecot can archive mails in condensed form like a folder INBOX.archive ??? On Thu, 2006-02-23 at 18:24 +0200, Timo Sirainen wrote:> Do you see a use for an IMAP proxy where the proxy would be able to > execute hooks which modify mail contents, such as transparent > encrypting/decrypting mails, or maybe some virus-filtering? It would > need at least some kind of IMAP command/reply parsing capabilities, so > it might be able to do all kinds of other things. > > Maybe one potential use case would be Cyrus Murder-like proxying to > multiple IMAP servers to distribute the mailboxes. But that might be > done better as an imap process plugin, or maybe as IMAP mail storage > backend. > > Anyway, the reason I'm asking this is because I was asked to add mail > encryption/decryption capabilities to Dovecot's IMAP proxy, but I'm not > sure what would be the best way to handle this. In any case it would be > a plugin or a new binary which is executed instead of imap binary, but > can I do it in a way that would actually be useful for Dovecot project > in general?
(sorry for the late response to this thread) I would like to see hooks in the proxy that would allow somebody to build security features such as: - per user concurrent connection limits - per IP concurrent connection limits - per user login rate limits - per IP login rate limits - IP access restrictions per user (looks like this is already possible) - IP lockouts for brute force password crack attempts The proxy is the right place for these features for us, but smaller sites might need these features in the main IMAP server. Bill On Thursday, February 23, 2006 11:24, Timo Sirainen said:> Do you see a use for an IMAP proxy where the proxy would be able to > execute hooks which modify mail contents, such as transparent > encrypting/decrypting mails, or maybe some virus-filtering? It would > need at least some kind of IMAP command/reply parsing capabilities, so > it might be able to do all kinds of other things. > > Maybe one potential use case would be Cyrus Murder-like proxying to > multiple IMAP servers to distribute the mailboxes. But that might be > done better as an imap process plugin, or maybe as IMAP mail storage > backend. > > Anyway, the reason I'm asking this is because I was asked to add mail > encryption/decryption capabilities to Dovecot's IMAP proxy, but I'm not > sure what would be the best way to handle this. In any case it would be > a plugin or a new binary which is executed instead of imap binary, but > can I do it in a way that would actually be useful for Dovecot project > in general? > >