[Imap-protocol] Proxy IP forwarding

mailing list archives

meli community discussions

⚠️ if something does not work as intended when interracting with the mailing lists,

reach out

Github mirror Gitea repo @epilys:matrix.org

E-mail headers

From:	Dan Karp <dkarp@zimbra.com>
To:	imap-protocol@u.washington.edu
Date:	Fri, 08 Jun 2018 12:34:41 -0000
Message-ID:	1070904325.21591212350911669.JavaMail.root@dogfood.zimbra.com permalink / raw / eml / mbox
In-Reply-To:	259504957.21571212350751310.JavaMail.root@dogfood.zimbra.com
References:	259504957.21571212350751310.JavaMail.root@dogfood.zimbra.com

From:

Dan Karp <dkarp@zimbra.com>

To:

imap-protocol@u.washington.edu

Date:

Fri, 08 Jun 2018 12:34:41 -0000

Message-ID:

1070904325.21591212350911669.JavaMail.root@dogfood.zimbra.com permalink / raw / eml / mbox

In-Reply-To:

259504957.21571212350751310.JavaMail.root@dogfood.zimbra.com

References:

259504957.21571212350751310.JavaMail.root@dogfood.zimbra.com

> The idea would be that there's a frontend IMAP proxy that looks up
> the backend IMAP server based on the username, tells the backend
> server the user's IP and then logs in using the provided user+password.

We currently do this with a separate nginx process.  We tell the IMAP
server the client's actual IP by having nginx do an

   A001 ID ("X-ORIGINATING-IP" "<actual-client-IP>")

as the first command, before authenticating.

Since this won't work for GSSAPI, we've also extended nginx to do
GSSAPI auth locally and then use an AUTH PLAIN variant to authenticate
the server connection.