>SSL wouldn't work in this case because the connection can't be transferred >to the client, instead the IIS server would have to be the full-time >go-between.
Ah, I hadn't thought of that. There is a "Click here to switch to SSL (or non-SSL)" button/link on the bottom of the web messaging pages, though -- it may be possible to have the ASP script switch back to non-SSL (and then redirect the client to the "Turn on SSL" link, assuming SSL is needed for the client link). A bunch of extra work, but it could get the job done. Or, it might be possible to use an SSL tunnel (such as http://www.stunnel.org ) for the ASP script to communicate with IMail using SSL, but IMail will think it is non-SSL. With that setup, stunnel could run on the IMail server, listening to a private port (such as port 8888) using SSL, linking securely to port 80. >If using NT authentication on the IIS portal side (the part that the user >connects to), I will know who the IIS user is and can then set the user/pass >in Imail. The only catch is that this is most easily done in SQL auth, not >appropriate with NT auth, and a bit dangerous making constant live changes >to the Imail registry database as the probability of corruption will >increase dramatically with higher mail usage. That's a good point. IMail's database can handle a lot of usage without problems (IE lots of people that connect every minute via POP3, which requires authentication), but that's read-only. I'm not sure how it would handle lots of writes. It would also be possible to have a fixed password that is somehow based on the username (a hash of the username perhaps). But, that reduces security (if someone knew the algorithm, they could get into any account). >Has anyone else out there given this any thought? What are the exact >methods that can be used to create an authenticated HTTP connection with the >Imail server? (i.e. what exactly do I have to send the server? variables >in a form, extra variables in the requesting URL?) That's best handled with reverse engineering, as I believe it isn't documented (beyond the actual HTML pages). If you use a packet sniffer (and a bit of trial and error), you can figure out what needs to be done. It's not for the faint of heart, but on the other hand, someone who has some knowledge of HTTP/HTML and ASP, along with a bit of networking knowledge could probably figure it out. -Scott --- Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
