I need to make the IMAP interface of an Exchange 2000 server available on the net, however I would like to give it a little protection, and believe Dovecot's IMAP proxy might be appropriate. Does anybody have a *really simple* config that would allow IMAP pass-through to a single Exchange server? The examples I've seen all assume some sort of load balancing, which isn't an issue here, so I'd like to eliminate the need for an unnecessary database server. Does Dovecot do any cleanup of the IMAP commands that would be useful in protecting Exchange (from this, http://www.cvedetails.com/cve/CVE-2007-0221/ for example), or am I barking up the wrong tree? If Dovecot isn't helpful for this, can anybody point me to a better resource? Thanks! Terry
On Wed, 30 Nov 2011 15:36:46 -0500 Terry Carmen articulated:> I need to make the IMAP interface of an Exchange 2000 server > available on the net, however I would like to give it a little > protection, and believe Dovecot's IMAP proxy might be appropriate. > > Does anybody have a *really simple* config that would allow IMAP > pass-through to a single Exchange server? > > The examples I've seen all assume some sort of load balancing, which > isn't an issue here, so I'd like to eliminate the need for an > unnecessary database server. > > Does Dovecot do any cleanup of the IMAP commands that would be > useful in protecting Exchange (from this, > http://www.cvedetails.com/cve/CVE-2007-0221/ for example), or am I > barking up the wrong tree? > > If Dovecot isn't helpful for this, can anybody point me to a better > resource?An Exchange 2000 server is ancient. I wouldn't waste time with it unless there was no possible way to get an updated version; ie, Exchange server 2010. -- Jerry ? Dovecot.user at seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________
On 30.11.2011, at 22.36, Terry Carmen wrote:> Does Dovecot do any cleanup of the IMAP commands that would be useful in protecting Exchange (from this, http://www.cvedetails.com/cve/CVE-2007-0221/ for example), or am I barking up the wrong tree?v2.1 with imapc backend can be used to do this. There's not really documentation for it beyond this mailing list though.
On 11/30/2011 2:36 PM, Terry Carmen wrote:> I need to make the IMAP interface of an Exchange 2000 server available > on the net, however I would like to give it a little protection, and > believe Dovecot's IMAP proxy might be appropriate. > > Does anybody have a *really simple* config that would allow IMAP > pass-through to a single Exchange server? > > The examples I've seen all assume some sort of load balancing, which > isn't an issue here, so I'd like to eliminate the need for an > unnecessary database server. > > Does Dovecot do any cleanup of the IMAP commands that would be useful in > protecting Exchange (from this, > http://www.cvedetails.com/cve/CVE-2007-0221/ for example), or am I > barking up the wrong tree? > > If Dovecot isn't helpful for this, can anybody point me to a better > resource?Look into the SM IMAP Proxy. It was designed for a different purpose, but may work well for your scenario: http://imapproxy.org/index.html -- Stan
Terry Carmen <terry at cnysupport.com> (Mi 30 Nov 2011 21:36:46 CET):> useful in protecting Exchange (from this, > http://www.cvedetails.com/cve/CVE-2007-0221/ for example), or am I > barking up the wrong tree? > > If Dovecot isn't helpful for this, can anybody point me to a better resource?Some time ago wie used "perdition", but I do not know, if it has sanitizing features beyond just being a proxy for the IMAP protocol. -- Heiko :: dresden : linux : SCHLITTERMANN.de GPG Key 48D0359B : 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20111201/242f1ffc/attachment-0004.bin>