POP[s] / IMAP[s] proxy: why? How? Or what?

This article was published 14 years, 3 months and 10 days ago, so it may not be up to date. The information it offers may therefore be outdated.

A POP / IMAP proxy is, as its name suggests, a relay for the 4 POP and IMAP protocols, secure or not. It is placed between the email clients and your real POP3, IMAP4, POP3s and/or IMAP4s servers.

Why would you do that? For example, to expose only the relays in a DMZ and not the POP / IMAP servers themselves. It can also (in the case of the PERDITION software that I will show below) split users (for example by origin) between different POP or IMAP servers in your infrastructure, for load distribution or any other reason that seems interesting to you.

Okay, if none of that speaks to you, the article will be useless to you; come back later. Otherwise, let's go for an introduction with an example of setting up the PERDITION software.

In a nutshell, the principle of such a relay is to take the authentication requests, relay them to the real mail server and, depending on the result, set up (or not) a “pipe” to the real mail server (for the desired protocol).

So start by installing the application. Under Debian: apt-get install perdition, for example.

Then go to /etc/perdition/ and copy your perdition.conf file to perdition.imap.conf, according to your needs. The manual actually recommends creating one file per protocol used. In the end, the original perdition.conf file is no longer useful. You can keep it, however, if you will only use one of the 4 protocols in your proxy.

You now need to edit the file(s) for each protocol. All parameters are commented out by default. It's up to you to choose what you need. The bare minimum for IMAP4s, for example, is (in the file /etc/perdition/perdition.imap4s.conf in that case):

protocol IMAP4S
outgoing_port 993
outgoing_server # your real IMAP server
ssl_mode ssl_listen # or ssl_all, see doc
ssl_ca_file /etc/ssl/certificates/masociete.crt
ssl_cert_file /etc/ssl/certs/mon_imap.cert
ssl_key_file /etc/ssl/certificates/mon_imap.key

A few remarks:
1) You are not obliged to use a “Certification Authority”; in that case, there is no need for "ssl_ca_file".
2) The paths and file names of the certificates / keys are arbitrary.
3) For insecure IMAP, you would only have to modify the first 3 lines and leave the lines starting with "ssl" commented out.
4) For POP or POP3s, the principle is the same.
5) Finally, the config file /etc/perdition/perdition*conf contains a lot of help on each parameter, and so does man perdition.

Finally, the last brick: specify which protocols we handle and check that perdition is actually started by the system. This happens in the file /etc/default/perdition, where you will check this:

POP3=no # or yes
POP3S=no # or yes
IMAP4=no # or yes
IMAP4S=yes # or no

For each protocol you use, you will therefore have created its /etc/perdition/perdition..conf file. Restart the service via "/etc/init.d/perdition restart" and check that the "perdition." processes that interest you are running.

Obviously, you will finally check that your entire firewall configuration is sane and, in particular, allows access to the ports that go with your POP / IMAP proxy.

I forgot: to distribute users across servers (such a user on such a server), you have to edit the file "/etc/perdition/popmap". Some examples are given in it, such as:
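
As an added example (not from the original article or the perdition project), the shell function below lints a per-protocol file such as the IMAP4S one above for TLS gaps: a missing certificate or key, a private key readable by group or others, and a proxy-to-server leg left in cleartext because ssl_mode only covers the listening side. The backend host name in the sample is made up, and the script assumes that ports 993/995 on the real server expect TLS from the first byte.

```shell
#!/bin/sh
# Added example: lint a perdition per-protocol config for TLS gaps.
# Directive names come from the article; checks and messages are this example's own.

# conf_get FILE KEY: value of an uncommented KEY, inline comment stripped.
conf_get() {
    awk -v k="$2" '$1 == k { sub(/[ \t]*#.*/, ""); $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                   END { print v }' "$1"
}

# lint_perdition_conf FILE: print one line per finding, return the finding count.
lint_perdition_conf() {
    f=$1; n=0
    mode=$(conf_get "$f" ssl_mode)
    port=$(conf_get "$f" outgoing_port)
    key=$(conf_get "$f" ssl_key_file)
    warn() { echo "$f: $*"; n=$((n + 1)); }

    [ -n "$(conf_get "$f" outgoing_server)" ] || warn "outgoing_server has no value"

    case $mode in
    *_listen*|*_all*)   # TLS towards the mail clients needs a cert and a protected key
        [ -n "$(conf_get "$f" ssl_cert_file)" ] || warn "TLS listener without ssl_cert_file"
        if [ -z "$key" ]; then
            warn "TLS listener without ssl_key_file"
        elif [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
            warn "private key $key is readable by group or others"
        fi ;;
    esac

    case $mode in
    *_outgoing*|*_all*) ;;   # proxy-to-server leg is encrypted
    *)  warn "proxy-to-server leg is cleartext (ssl_mode='$mode')"
        # Assumption: 993/995 on the real server expect TLS from the first byte.
        case $port in
        993|995) warn "outgoing_port $port expects TLS, ssl_mode does not enable it outbound" ;;
        esac ;;
    esac
    return "$n"
}

# Constructed sample: the article's minimal IMAP4S file with a made-up backend name.
demo_conf=$(mktemp)
printf '%s\n' 'protocol IMAP4S' 'outgoing_port 993' 'outgoing_server imap.internal.example' \
    'ssl_mode ssl_listen # or ssl_all, see doc' 'ssl_cert_file /etc/ssl/certs/mon_imap.cert' \
    'ssl_key_file /etc/ssl/certificates/mon_imap.key' > "$demo_conf"
lint_perdition_conf "$demo_conf" || echo "findings: $?"
rm -f "$demo_conf"
```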

hormones: mailserver1
tymm: mailServer2

Then create a “database” (a .db file) via a "make" based on the Makefile available in /etc/perdition/Makefile.
(It is more or less the same principle as the /etc/aliases file and its database version generated by the postalias command.)
Personally, I did not set up this distribution system, but it should not be much more complicated than that.
