On Sun, 9 Mar 2003, Andreas Aardal Hanssen wrote:
> On Sat, 8 Mar 2003, Gary wrote:
>
> >I wanted to implement the above, specifically Bruce Guenter's SMTP
> >Relaying Control for qmail & tcpserver program.
...
> I've seen a couple of smtp-after-pop mechanisms that have similar
> approaches.
...
> Requirements:
> - You must be using Courier IMAP to serve IMAP.

That seems to be an implied requirement:

    This set of programs controls access to relaying for users that
    authenticate using either POP3 using the qmail-popup/qmail-pop3d
    or pop3front servers, or IMAP using Courier IMAP.

But I think any IMAP daemon which runs in post-authentication mode if it
starts up as non-root can do the job. You'll need imapfront-auth from
Bruce Guenter's mailfront package, and his cvm authentication package.
You'll want something like this:
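
    #!/bin/sh
    SOCKET=...
    IMAPD=...
    IMAPD_ARGS=...
    # Merge stderr into stdout.
    exec 2>&1
    # Cap memory, load the relay-ctrl settings from /etc/relay-ctrl, then
    # have tcpserver hand each IMAP connection to imapfront-auth, which
    # runs $IMAPD after a successful login. $IMAPD_ARGS is left unquoted
    # so that it splits into separate arguments.
    exec /usr/bin/softlimit -m 2000000 \
        envdir /etc/relay-ctrl \
        relay-ctrl-chdir \
        /usr/bin/tcpserver -v -p -x /etc/tcp.imap.cdb \
        0 imap /var/qmail/bin/imapfront-auth cvm-local:${SOCKET} \
        $IMAPD $IMAPD_ARGS
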
Now a big downside to this approach is that imapfront-auth doesn't yet
support STARTTLS.

I've been trying to wrap my mind about the issues of using stunnel to
implement STARTTLS for us, but a quick google suggests that someone has
broken that trail:

http://www.suspectclass.com/~sgifford/stunnel-tlsproxy/imap-tls.README

How many lines of bincimap can we remove if someone else does TLS and
authentication for us?

--
Charlie