Skip to content

vproxy.8

Jump to bottom
Manvendra Bhangui edited this page Feb 25, 2024 · 5 revisions

NAME

proxyimap - IMAP Proxy

proxypop3 - POP3 Proxy

vproxy - Generic Proxy

SYNOPSYS

proxyimap path_of_imapd Maildir

proxypop3 path_of_pop3d Maildir

vproxy host port [login_sequence]

DESCRIPTION

proxyimap and proxypop3 act as proxy for IMAP4 and POP3 protocol in a clustered domain where users homedir lie on multiple hosts. proxyimap and proxypop3 correctly locates the user's mailstore and make a IMAP4 or POP3 connection to the user's mailstore host. This facilitates to have a single IP address or DNS entry for all hosts comprising a clustered domain. The proxy works by passing all data from the file descriptor 0 to the socket connection (IMAP4 or POP3). All data which comes from the socket is is passed to file descriptor 1. The recommended method for using proxyimap and proxypop3 is through tcpserver(1). It is recommended to use a cdb files (-x option in tcpserver) tcp.imap for proxyimap and tcp.pop3 for proxypop3. For enabling unrestricted IMAP from a host, set environment variable POP3CLIENT and IMAPCLIENT in cdb file used by the respective tcpservers (compiled by tcprules). e.g. To allow unrestricted IMAP/POP3 access from the host with IP w.x.y.z, use tcprules to compile the following.

tcp.imap
w.x.y.z:allow,IMAPCLIENT=""

tcp.pop3
w.x.y.z:allow,POP3CLIENT=""

proxyimap and proxypop3 supports TLS/SSL and STARTTLS sessions. For TLS/SSL session you can use tcpserver(1) with -n option or use the couriertls(1) program.

If you set the AUTOADDUSER environment variable, users can be automatically added by using the adminclient(8) protocol to connect to indisrvr(8). The auto provisioning happens only if the user does not exist in IndiMail's authentication database. If you set the ADDUSERCMD environment variable to a program, the program will be run with the password passed as an argument.

Following environment variables are needed by these two proxies to start up

TCPREMOTEIP
IP address of remote host.

TCPLOCALPORT
Local TCP/IP Port on which proxyimap, proxypop3 is running.

DESTPORT
Of the form protocol:port where protocol is either imap or pop3. Port is the TCP/IP port on the remote host offering the imap or pop3 protocol.

COURIERTLS
The program to run to enable TLS/SSL session if the client issues the STARTTLS command. If not set, the program sslerator(8) will be used. One can also use dotls(1) or the couriertls(1) programs. In fact, you can use any program that can encrypt data on descriptors 0 and 1 and can print a BANNER on descriptor 1 before initiating a TLS/SSL session. This banner should be one of the following

for imap
IMAPTAG Begin SSL/TLS negotiation now.

for pop3
+OK Begin SSL/TLS negotiation now.

If you use the AUTOADDUSER environemnt variable to provision new users, adminclient will be used to execute various indimail commands. In this case additional environment variables will needed

ADMIN_USER
An existing user set using mgmtpass(8) program.

ADMIN_PASS
Password for the user

ADMIN_HOST
Host running indisrvr(8)

ADMIN_PORT
port on which indisrvr(8) is running

CERTFILE
openssl certificate to use in case indisrvr(8) is running in TLS mode

CAFILE
openssl cafile in case CA certificates is needed.

MATCH_CN
Match host with Common Name of the certificate that indisrvr(8) is running

Currently proxyimap and proxypop3 allow 5 bad login attempts, after which the connection is terminated.

It is also possible to set data timeout for the proxies through the environment variable DATA_TIMEOUT. The two proxies will terminate if it finds no data coming from either the client or the actual imap/pop3 server within the time in seconds specified by DATA_TIMEOUT.

vproxy is a generic proxy which passes data from file descriptor 0 to a TCP/IP connection and data from the TCP/IP connection to file descriptor 1. The TCP/IP connection is specified by host and port parameters. login_sequence specifies initial data (if needed), that needs to be supplied to the application listening on port port on host host.

OPTIONS

path_of_imapd
Specifies the full path of IndiMail's imapd executable

path_of_pop3d
Specifies the full path of IndiMail's pop3d executable

host
Host Name (Host Name or IP address for which the proxy service is needed.

port
TCP/IP Port on host for which proxy services is needed.

login_sequence
Initial data needed by some servers to start up properly. e.g. POP3 service will require USER username and PASS passwd sequence to login.

RETURN VALUE

0 for success and 1 for failure in which case all diagnostics are printed on stdout.

SEE ALSO

authindi(8) adminclient(8), indisrvr(8), sslerator(8), dotls(1), tcpserver(1), couriertls(1).

Clone this wiki locally