On Wed, 19 Jan 2011, Simon Horman wrote:
On Tue, Jan 18, 2011 at 10:41:11AM -1000, Julian Cowley wrote:
Hello,
We've been using Perdition for a few years now with great success. We
have our users split amongst a handful of mailbox users, and Perdition is
configured to use MySQL to get the destination mail server. We have the
full gamut of services installed: IMAP w/TLS, IMAP w/SSL, POP w/TLS, and
POP w/SSL.
We are in the process of moving to Gmail, and want to be able to use
Perdition to proxy specific users to it. However, Gmail doesn't support
TLS (only the SSL ports). This causes a problem since (as far as my
understanding goes) Perdition uses the same port and protocol for the
outgoing connection as the incoming connection.
Is there a way to have Perdition receive a TLS connection, and then proxy
to imap.gmail.com using SSL?
Hi Julian,
off the top of my head you want something like this:
perdition -P IMAP --ssl_mode tls_listen_force,ssl_outgoing \
--outgoing_port 993
This means all outgoing connections will be handled by SSL.
Did you want a mix of SSL and TLS outgoing connections?
If so, perdition would need to be modified.
Just to follow up on this...
Thanks for the suggestion of changing the outgoing port. It worked!
Now all incoming connections are supported when proxying to Gmail no
matter what port/method is used by the client. Internally, now all
connections between Perdition and our mailbox servers use the SSL
port only, but that is OK.
One note about proxying to Gmail. There is a problem of what to use
for the mailserver setting (i.e., "pop.gmail.com" or "imap.gmail.com")
and still support both the IMAP and POP3 ports. We chose to solely use
imap.gmail.com since fortunately, Google supports both ports (IMAP,
POP3) on either address (imap.gmail.com, pop.gmail.com). This requires
using --ssl_no_cn_verify (don't verify the CN) on the POP3 port.
Hopefully Google won't stop doing this, otherwise we'd need to find
a way to return imap.gmail.com or pop.gmail.com depending on the port
the client used. I haven't tested this, but one way to do this might
be to:
- use xinetd to support different settings on different ports (we are
  actually doing this now and it works fine)
- change the --map_library_opt setting on the entry for the POP port
  to query a database view (i.e., CREATE VIEW). The view would return
  pop.gmail.com in places where imap.gmail.com is used.
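
The database view suggested in the last message could look like the following in MySQL. This is an added example, not part of the original thread and not Perdition's own code; the table name tblPerdition, its columns user, servername and port, and the view name tblPerditionPop are assumptions, and the rows are constructed sample data.

```sql
-- Assumed lookup table that the IMAP listeners query (names are assumptions;
-- adjust them to the schema your --map_library_opt already points at).
CREATE TABLE IF NOT EXISTS tblPerdition (
    `user`     VARCHAR(128) NOT NULL PRIMARY KEY,
    servername VARCHAR(255) NOT NULL,
    port       VARCHAR(8)   DEFAULT NULL
);

-- Constructed sample rows: one user already moved to Gmail, one still local.
INSERT INTO tblPerdition (`user`, servername, port) VALUES
    ('alice', 'imap.gmail.com',    NULL),
    ('bob',   'mbox1.example.org', NULL);

-- View for the POP listener only (hypothetical name). Rows that point at
-- imap.gmail.com are rewritten to pop.gmail.com; every other row passes
-- through unchanged, so non-Gmail users keep their own mailbox server.
CREATE OR REPLACE VIEW tblPerditionPop AS
SELECT `user`,
       CASE
           WHEN LOWER(servername) = 'imap.gmail.com' THEN 'pop.gmail.com'
           ELSE servername
       END AS servername,
       port
FROM tblPerdition;

-- Check what each listener would be told for the same users.
SELECT t.`user`,
       t.servername AS imap_listener_sees,
       v.servername AS pop_listener_sees
FROM tblPerdition AS t
JOIN tblPerditionPop AS v ON v.`user` = t.`user`
ORDER BY t.`user`;
-- Only alice's row differs between the two columns; bob's is identical.
```

The POP entry's --map_library_opt would then name the view where it currently names the table. Because that listener is handed pop.gmail.com, the name it connects to, the reason given above for --ssl_no_cn_verify on the POP3 port would no longer apply (untested, like the suggestion itself).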