Re: [courier-users] Running three instances of imapd
Jon,

I think you didn't understand what I wrote. Let me make a drawing:

Client                Server
 --- imap  --- imapd with STLS (xxx.xxx.xxx.xxx:143) --- mail
 --- pop3  --- pop3d with STLS (xxx.xxx.xxx.xxx:110) --- mail
 --- imaps --- imapd-ssl (xxx.xxx.xxx.xxx:993) --- mail
 --- pop3s --- pop3d-ssl (xxx.xxx.xxx.xxx:995) --- mail
 --- https --- apache with mod_ssl (webmail) (xxx.xxx.xxx.xxx:443) --- imap --- imapd without STLS (127.0.0.1:143) --- mail

Every connection from the outside clients must be secure, but there is no need for this requirement for local connections from webmail client to localhost. I'm *forcing* imapd to accept only secure connections. If webmail is to use imap I have two alternatives: use a secure connection of existing imap server (more unnecessary overhead), or I can launch another imap server without security on localhost to serve only webmail connections.

Thanks
Miguel Cabeça

----- Original Message -----
From: Jon Nelson [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, October 09, 2003 5:35 PM
Subject: Re: [courier-users] Running three instances of imapd

> On Thu, 9 Oct 2003, Miguel Cabeça wrote:
> > Jeff,
> >
> > By local webmail I mean: the webmail server is the same as the mail server. No, I'm not talking about sqwebmail. I use Horde/Imp that makes imap connections to localhost (127.0.0.1). Those connections don't need to be encrypted. The webmail is accessed via https only.
>
> Ah, but *can* they be encrypted. If so, just do it that way and be done with it. Why make life more complicated?

---
This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Running three instances of imapd
On Fri, Oct 10, 2003 at 10:37:25AM +0100, Miguel Cabeça wrote:
> I think you didn't understand what I wrote. Let me make a drawing:
>
> Client                Server
>  --- imap  --- imapd with STLS (xxx.xxx.xxx.xxx:143) --- mail
>  --- pop3  --- pop3d with STLS (xxx.xxx.xxx.xxx:110) --- mail
>  --- imaps --- imapd-ssl (xxx.xxx.xxx.xxx:993) --- mail
>  --- pop3s --- pop3d-ssl (xxx.xxx.xxx.xxx:995) --- mail
>  --- https --- apache with mod_ssl (webmail) (xxx.xxx.xxx.xxx:443) --- imap --- imapd without STLS (127.0.0.1:143) --- mail

Hello Miguel,

you did not say which OS you are running. Assuming it is Linux, I just added an iptables rule to exclude non-SSL access via all devices except the loopback device:

    iptables -I INPUT -i ! lo -p tcp --dport 143 -j DROP

Regards
Mirko

Re: [courier-users] Running three instances of imapd
On Fri, 10 Oct 2003, Miguel Cabeça wrote:
> Jon,
>
> I think you didn't understand what I wrote.

No, I understood perfectly.

> Let me make a drawing:
>
> Client                Server
>  --- imap  --- imapd with STLS (xxx.xxx.xxx.xxx:143) --- mail
>  --- pop3  --- pop3d with STLS (xxx.xxx.xxx.xxx:110) --- mail
>  --- imaps --- imapd-ssl (xxx.xxx.xxx.xxx:993) --- mail
>  --- pop3s --- pop3d-ssl (xxx.xxx.xxx.xxx:995) --- mail
>  --- https --- apache with mod_ssl (webmail) (xxx.xxx.xxx.xxx:443) --- imap --- imapd without STLS (127.0.0.1:143) --- mail
>
> Every connection from the outside clients must be secure, but there is no need for this requirement for local connections from webmail client to localhost. I'm *forcing* imapd to accept only secure connections. If webmail is to use imap I have two alternatives: use a secure connection of existing imap server (more unnecessary overhead), or I can launch another imap server without security on localhost to serve only webmail connections.

I suggest the first alternative. Why is that so hard?

--
Democracy is two wolves and a sheep voting on what to have for dinner. Liberty is two wolves attempting to have a sheep for dinner and finding a well-informed, well-armed sheep.
Jon Nelson [EMAIL PROTECTED]
C and Python Code Gardener

Re: [courier-users] Running three instances of imapd
Jon,

> > Client                Server
> >  --- imap  --- imapd with STLS (xxx.xxx.xxx.xxx:143) --- mail
> >  --- pop3  --- pop3d with STLS (xxx.xxx.xxx.xxx:110) --- mail
> >  --- imaps --- imapd-ssl (xxx.xxx.xxx.xxx:993) --- mail
> >  --- pop3s --- pop3d-ssl (xxx.xxx.xxx.xxx:995) --- mail
> >  --- https --- apache with mod_ssl (webmail) (xxx.xxx.xxx.xxx:443) --- imap --- imapd without STLS (127.0.0.1:143) --- mail
>
> I suggest the first alternative. Why is that so hard?

These are not alternatives! I have them all available to the users.

Miguel

Re: [courier-users] Running three instances of imapd
On Fri, 10 Oct 2003, Miguel Cabeça wrote:
> Jon,
>
> > > Client                Server
> > >  --- imap  --- imapd with STLS (xxx.xxx.xxx.xxx:143) --- mail
> > >  --- pop3  --- pop3d with STLS (xxx.xxx.xxx.xxx:110) --- mail
> > >  --- imaps --- imapd-ssl (xxx.xxx.xxx.xxx:993) --- mail
> > >  --- pop3s --- pop3d-ssl (xxx.xxx.xxx.xxx:995) --- mail
> > >  --- https --- apache with mod_ssl (webmail) (xxx.xxx.xxx.xxx:443) --- imap --- imapd without STLS (127.0.0.1:143) --- mail
> >
> > I suggest the first alternative. Why is that so hard?
>
> These are not alternatives! I have them all available to the users.

You said (and I quote):

    If webmail is to use imap I have two alternatives: use a secure connection of existing imap server (more unnecessary overhead), or I can launch another imap server without security on localhost to serve only webmail connections.

I followed that with (quote):

    I suggest the first alternative. Why is that so hard?

Whatever. This discussion is going nowhere. Don't bother replying to me, I'm likely not interested. Don't take that as an insult, it's not a personal attack, I'm just not interested in the problem anymore.

--
Democracy is two wolves and a sheep voting on what to have for dinner. Liberty is two wolves attempting to have a sheep for dinner and finding a well-informed, well-armed sheep.
Jon Nelson [EMAIL PROTECTED]
C and Python Code Gardener

Re: [courier-users] Running three instances of imapd
Miguel Cabeça wrote:
> Jon,
>
> > > Client                Server
> > >  --- imap  --- imapd with STLS (xxx.xxx.xxx.xxx:143) --- mail
> > >  --- pop3  --- pop3d with STLS (xxx.xxx.xxx.xxx:110) --- mail
> > >  --- imaps --- imapd-ssl (xxx.xxx.xxx.xxx:993) --- mail
> > >  --- pop3s --- pop3d-ssl (xxx.xxx.xxx.xxx:995) --- mail
> > >  --- https --- apache with mod_ssl (webmail) (xxx.xxx.xxx.xxx:443) --- imap --- imapd without STLS (127.0.0.1:143) --- mail
> >
> > I suggest the first alternative. Why is that so hard?
>
> These are not alternatives! I have them all available to the users.
>
> Miguel

I read this original email as a nice email to suggest a way to other users how to run 3 different imaps, I don't think the attempt was to start a debate, Miguel was just posting his experiences as an admin in hopes to help another admin in the future. Please don't turn this into a flame war.

RE: [courier-users] Running three instances of imapd
Like everything else I think it depends on the scale of the problem... If you've got the latest computer and 100 users, no... If you've got a 2 year old computer serving hundreds or thousands BUSY users, every little bit helps. Encryption generally speaking is an expensive process - that's why people offload it to encryption appliances etc.

m/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jon Nelson
Sent: Thursday, October 09, 2003 11:00 AM
Cc: [EMAIL PROTECTED]
Subject: RE: [courier-users] Running three instances of imapd

> On Thu, 9 Oct 2003, Mitch (WebCob) wrote:
> > Because if the server has volume WHY load it up with useless overhead?
>
> Is /webmail/ over SSL that much more intensive than the same over a non-encrypted channel?

[courier-users] Running three instances of imapd
Hello there,

I wish to have the following setup:

o imapd running on IP xxx.xxx.xxx.xxx port 143 which accepts only STARTTLS connections
o imapd-ssl running on ip xxx.xxx.xxx.xxx port 993 which accepts only (of course) secure connections
o imapd running on port 127.0.0.1 port 143 which accepts nonsecure connections (local webmail)

I think that this is not possible out of the box. I know I can have couriertcpd running on multiple port numbers like so:

    PORT=xxx.xxx.xxx.xxx:143,127.0.0.1:143

But I cannot specify IMAP_TLS_REQUIRED on a per IP basis. So, I'm planning on doing it like this:

relevant entries in /courier/etc/imapd

    ADDRESS=xxx.xxx.xxx.xxx
    PORT=143

relevant entries in /courier/etc/imapd-ssl

    SSLADDRESS=xxx.xxx.xxx.xxx
    SSLPORT=993
    IMAP_TLS_REQUIRED=1

make a new /courier/etc/imapd-webmail that is a copy of /courier/etc/imapd with the following relevant changes:

    ADDRESS=127.0.0.1
    PORT=143
    MAXDAEMONS=40
    MAXPERIP=40
    PIDFILE=/courier/var/tmp/imapd-webmail.pid    (!!! IMPORTANT!!!)

I don't know how the local webmail worked until now with MAXPERIP set to 4 before :-)

make a new /courier/sbin/imapd-webmail that is a copy of /courier/sbin/imapd with the following content:

    #! /bin/sh
    # $Id: imapd.rc.in,v 1.16 2002/12/24 02:35:50 mrsam Exp $
    #
    # Copyright 1998 - 1999 Double Precision, Inc.
    # See COPYING for distribution information.

    prefix=/courier
    exec_prefix=/courier
    sbindir=${exec_prefix}/sbin

    # Settings for the loopback-only instance
    . ${prefix}/etc/imapd-webmail

    case $1 in
    start)
        LIBAUTHMODULES=""
        for f in `echo $AUTHMODULES`
        do
            LIBAUTHMODULES="$LIBAUTHMODULES ${exec_prefix}/libexec/authlib/$f"
        done

        ulimit -v $IMAP_ULIMITD
        # Start couriertcpd in a clean environment; STARTTLS is switched off here
        /usr/bin/env - /bin/sh -c " set -a ; \
            prefix=/courier ; \
            exec_prefix=/courier ; \
            sbindir=${exec_prefix}/sbin ; \
            bindir=/courier/bin ; \
            . ${prefix}/etc/imapd-webmail ; \
            IMAP_STARTTLS=NO ; export IMAP_STARTTLS ; \
            ${exec_prefix}/sbin/couriertcpd -address=$ADDRESS \
                -stderrlogger=${exec_prefix}/sbin/courierlogger \
                -stderrloggername=imapd-webmail \
                -maxprocs=$MAXDAEMONS -maxperip=$MAXPERIP \
                -pid=$PIDFILE $TCPDOPTS \
                $PORT ${exec_prefix}/libexec/courier/imaplogin $LIBAUTHMODULES \
                    /courier/bin/imapd Maildir"
        ;;
    stop)
        ${exec_prefix}/sbin/couriertcpd -pid=$PIDFILE -stop
        ;;
    restart)
        ${exec_prefix}/sbin/couriertcpd -pid=$PIDFILE -restart
        ;;
    esac
    exit 0

As an aside, why doesn't the /courier/sbin/imapd-ssl have the following?

    restart)
        ${exec_prefix}/sbin/couriertcpd -pid=$PIDFILE -restart
        ;;

Well. This is my idea. Do you see any problem with this? Is it safe to run multiple instances of imapd? I suppose so, because there are already two of them running (ssl and non ssl). Three won't hurt, right?

Best regards and sorry for the long email.

Miguel Cabeça

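One way to check this three-listener layout from the wire (an added example, not part of the original post or of Courier): it audits the pre-TLS CAPABILITY line of each listener and flags any non-loopback, non-SSL listener that would accept a cleartext login. The capability lines and the 192.0.2.10 address are constructed stand-ins for xxx.xxx.xxx.xxx, and the check assumes the server signals a TLS-only policy with LOGINDISABLED as RFC 3501 describes.

```python
import ipaddress
import re

# Constructed pre-TLS CAPABILITY replies, one per IMAP listener in the layout.
# Fields: address, port, TLS-wrapped from the first byte (imaps), reply line.
SAMPLE = [
    ("192.0.2.10", 143, False,
     "* CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE STARTTLS LOGINDISABLED"),
    ("192.0.2.10", 993, True,
     "* CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE AUTH=PLAIN"),
    ("127.0.0.1", 143, False,
     "* CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE"),
]


def parse_capabilities(line):
    """Return the upper-cased capability atoms from an untagged CAPABILITY
    reply or from a greeting that carries a [CAPABILITY ...] response code."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\*\s+CAPABILITY\s+(.*)$", line.strip(), re.I))
    if not m:
        raise ValueError("no CAPABILITY data in %r" % line)
    return {atom.upper() for atom in m.group(1).split()}


def audit_listener(addr, port, tls_wrapped, line):
    """Return the policy violations for one listener (empty list = OK)."""
    if tls_wrapped:
        return []   # imaps: the channel is encrypted before any login
    if ipaddress.ip_address(addr).is_loopback:
        return []   # local webmail instance: cleartext is the intended policy
    caps = parse_capabilities(line)
    problems = []
    if "STARTTLS" not in caps:
        problems.append("no STARTTLS offered")
    if "LOGINDISABLED" not in caps:
        problems.append("LOGIN allowed before TLS")
    plain = sorted(c for c in caps if c in ("AUTH=PLAIN", "AUTH=LOGIN"))
    if plain:
        problems.append("cleartext SASL before TLS: " + ", ".join(plain))
    return problems


def audit(listeners):
    """Map (addr, port) -> violations for every listener that breaks policy."""
    report = {}
    for addr, port, tls_wrapped, line in listeners:
        issues = audit_listener(addr, port, tls_wrapped, line)
        if issues:
            report[(addr, port)] = issues
    return report


if __name__ == "__main__":
    print(audit(SAMPLE) or "policy holds")
```

A wildcard bind such as 0.0.0.0 is not loopback, so a cleartext instance that ends up listening there is reported.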
Re: [courier-users] Running three instances of imapd
On Thursday 09 October 2003 12:33, Miguel Cabeça wrote:
> o imapd running on port 127.0.0.1 port 143 which accepts nonsecure connections (local webmail)

Just to clarify - by local webmail do you mean courier's sqwebmail? Because it doesn't use imap, it reads the files directly off the disk. So you don't need an imap connection for it. But if you plan on using an actual imap based webmail like Squirrelmail, etc. then you would.

(Someone stop me if I'm way off base here!)

Jeff Jansen

Re: [courier-users] Running three instances of imapd
Jeff,

By local webmail I mean: the webmail server is the same as the mail server. No, I'm not talking about sqwebmail. I use Horde/Imp that makes imap connections to localhost (127.0.0.1). Those connections don't need to be encrypted. The webmail is accessed via https only.

Thanks
Miguel Cabeça

----- Original Message -----
From: Jeff Jansen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 09, 2003 2:54 PM
Subject: Re: [courier-users] Running three instances of imapd

> On Thursday 09 October 2003 12:33, Miguel Cabeça wrote:
> > o imapd running on port 127.0.0.1 port 143 which accepts nonsecure connections (local webmail)
>
> Just to clarify - by local webmail do you mean courier's sqwebmail? Because it doesn't use imap, it reads the files directly off the disk. So you don't need an imap connection for it. But if you plan on using an actual imap based webmail like Squirrelmail, etc. then you would.
>
> (Someone stop me if I'm way off base here!)
>
> Jeff Jansen

Re: [courier-users] Running three instances of imapd
On Thu, 9 Oct 2003, Miguel Cabeça wrote:
> Jeff,
>
> By local webmail I mean: the webmail server is the same as the mail server. No, I'm not talking about sqwebmail. I use Horde/Imp that makes imap connections to localhost (127.0.0.1). Those connections don't need to be encrypted. The webmail is accessed via https only.

Ah, but *can* they be encrypted. If so, just do it that way and be done with it. Why make life more complicated?

--
Democracy is two wolves and a sheep voting on what to have for dinner. Liberty is two wolves attempting to have a sheep for dinner and finding a well-informed, well-armed sheep.
Jon Nelson [EMAIL PROTECTED]
C and Python Code Gardener

RE: [courier-users] Running three instances of imapd
Because if the server has volume WHY load it up with useless overhead?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jon Nelson
Sent: Thursday, October 09, 2003 9:35 AM
Cc: [EMAIL PROTECTED]
Subject: Re: [courier-users] Running three instances of imapd

> On Thu, 9 Oct 2003, Miguel Cabeça wrote:
> > Jeff,
> >
> > By local webmail I mean: the webmail server is the same as the mail server. No, I'm not talking about sqwebmail. I use Horde/Imp that makes imap connections to localhost (127.0.0.1). Those connections don't need to be encrypted. The webmail is accessed via https only.
>
> Ah, but *can* they be encrypted. If so, just do it that way and be done with it. Why make life more complicated?

RE: [courier-users] Running three instances of imapd
On Thu, 9 Oct 2003, Mitch (WebCob) wrote:
> Because if the server has volume WHY load it up with useless overhead?

Is /webmail/ over SSL that much more intensive than the same over a non-encrypted channel?

--
Democracy is two wolves and a sheep voting on what to have for dinner. Liberty is two wolves attempting to have a sheep for dinner and finding a well-informed, well-armed sheep.
Jon Nelson [EMAIL PROTECTED]
C and Python Code Gardener