Perdition folks,

 

I’m investigating implementing the latest version of Perdition Proxy for a client where the popmap would be provided using LDAP. User/Domain routes are already stored in LDAP, with limited information. Perdition will be servicing POP/POPS and IMAP/IMAPS. They will have multiple load balanced proxies to multiple unique mail platforms. The users are going through a migration, so their target will change and there is not a 1:1 mapping between old and new targets. At the moment, each user is connecting with a target pod specific FQDN.

 

The client is reluctant to add additional LDAP attributes unless absolutely necessary. They currently have the partial hostname of the user’s target mail platform stored in LDAP, as ‘pod1’. For all connections to work, I believe I’ll need a full hostname (i.e., pop.pod1.platformdomain.com and imap.pod1.platformdomain.com) that matches the cert on the target platform interface. I’m sure I could use DNS to resolve ‘pod1’ to the target platform IP. However, I don’t think it will help for SSL connections, presenting perdition with an SSL challenge during connection to the target.

 

Given the above, I have a couple questions for those with any thoughts or experiences:

1)      Can I configure Perdition to ignore the cert errors when connecting to the target? 

2)      If (1) can be done, can I simply use DNS to deal with the partial hostname?

3)      Assuming the above doesn’t work, is there a nifty way to ‘fix up’ the hostname returned from the popmap?  Is it possible to prefix ‘pop.’ and append ‘.domain.com’ to the value returned?

4)      Would you recommend:

a.       One Perdition farm listening to all user connections and routing to any target farm  -or-

b.      Perdition farms per Pod/FQDN, allowing for a default route while also providing a means of routing to other pods.

 

 

Much thanks,

Todd
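
Added example, not part of the original post and not Perdition code or configuration: a Python sketch of why resolving the short name through DNS does not satisfy TLS name checking, and of the hostname fix-up asked about in question 3. The protocol keys, the `expand_pod`, `name_matches` and `cert_covers` helpers, and the sample certificate names are assumptions built from the naming pattern quoted in the message.

```python
import re

# Assumptions for this example: prefixes and suffix follow the pattern in the
# post (pop.pod1.platformdomain.com / imap.pod1.platformdomain.com).
PREFIX = {"pop3": "pop", "pop3s": "pop", "imap4": "imap", "imap4s": "imap"}
SUFFIX = "platformdomain.com"
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def expand_pod(pod, protocol):
    """Turn the short LDAP value ('pod1') into the FQDN the backend cert names."""
    pod = pod.strip().lower()
    # Accept exactly one DNS label, so a bad directory value such as
    # 'pod1.other.net' cannot steer the proxy to a host outside the platform.
    if not LABEL.fullmatch(pod):
        raise ValueError(f"not a single DNS label: {pod!r}")
    return f"{PREFIX[protocol]}.{pod}.{SUFFIX}"


def name_matches(hostname, pattern):
    """RFC 6125-style comparison: '*' is allowed only as the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def cert_covers(hostname, san_dns_names):
    """True if any dNSName in the certificate covers the name being connected to."""
    return any(name_matches(hostname, p) for p in san_dns_names)


# Constructed SAN list for a hypothetical pod1 backend certificate.
POD1_SANS = ["pop.pod1.platformdomain.com", "imap.pod1.platformdomain.com"]

if __name__ == "__main__":
    # 'pod1' may resolve to the right IP, but the check is on the name, not the IP.
    for name in ("pod1", expand_pod("pod1", "pop3s"), expand_pod("pod1", "imap4s")):
        print(f"{name:32} verified={cert_covers(name, POD1_SANS)}")
```

The name used for the backend connection is what gets compared with the certificate, so the expansion has to happen before the connection is made; disabling verification instead removes the only check that the proxy is handing user credentials to the intended backend.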