Quoting KT Walrus <ke...@my.walr.us>:
I’m in the process of setting up a Dovecot IMAP proxy to handle a number
of IMAP server domains. At the current time, I have my users divided
into 70 different groups of users (call them G1 to G70). I want each
group to configure their email client to access their mailboxes at a
domain name based on the group they belong to (e.g., g1.example.com,
g2.example.com, …, g70.example.com). I will only support TLS
encrypted IMAP connections to the Dovecot IMAP proxy (‘ssl=yes’ in the
inet_listener). My SSL cert has alternate names for all 70 group domain
names.

I want the group domain to only support users that have been assigned to
the group the domain name represents. That is, a user assigned to G23
would only be allowed to configure their email client for the IMAP
server named g23.example.com.

My solution during testing has been to have the Dovecot IMAP proxy
listen on different ports: 9930-9999. I plan to purchase 70 IPs, one for
each group, and redirect traffic on port 993 to the appropriate Dovecot
IMAP proxy port based on the IP I assign to the group domain name in the
site’s DNS. The SQL for handling the IMAP login uses the port number of
the inet_listener

I think this could work in production, but it will cost me extra to rent
the 70 IPs and might be a pain to manage. Eventually, I would like to
have over 5,000 groups so requiring an IP per group is less than ideal.
I also think having Dovecot IMAP proxy have 5,000 inet_listeners might
not work so well or might create too many threads/processes/ports to fit
on a small proxy server.

I would rather have 1 public IP for each Dovecot IMAP proxy and somehow
communicate to the userdb which group domain name was configured in the
email client so only the users assigned to this group can log in with
that username.

Anyone have any ideas?

Do you have a SQL userdb?

Create a table or a 'host' field for the user.

    user_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, \
      "89" AS uid, "89" AS gid, host, 'Y' AS proxy_maybe, \
      pw_dir AS home, pw_dir AS mail_home, \
      CONCAT('maildir:', pw_dir, '/Maildir/') AS mail_location \
      FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d'

(mine is based on qmail/vpopmail)

Then populate 'host' for each user if you don't have any other way of
programmatically determining the host.

Rick
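
Added example, not part of either message in the thread: a Python/sqlite3 stand-in for the lookup discussed above, returning the per-user 'host' from the reply only when the user belongs to the group served by the listener port the client reached, as in the port-per-group test setup in the question. The 'grp' column, the port-to-group mapping (port 9929+N serves group N) and all rows are assumptions constructed for illustration.

```python
import sqlite3

# Assumed mapping (not stated in the thread): listener port 9929+N serves
# group N, so ports 9930-9999 cover G1-G70.
BASE_PORT = 9929
GROUPS = 70

def make_db():
    """In-memory stand-in for the vpopmail table, with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE vpopmail (
        pw_name TEXT, pw_domain TEXT, pw_dir TEXT,
        host TEXT,      -- backend IMAP server, the 'host' field from the reply
        grp INTEGER     -- hypothetical column: group number 1..70
    )""")
    db.executemany("INSERT INTO vpopmail VALUES (?,?,?,?,?)", [
        ("alice", "example.com", "/home/vpopmail/alice", "10.0.0.23", 23),
        ("bob",   "example.com", "/home/vpopmail/bob",   "10.0.0.7",  7),
    ])
    return db

def lookup(db, login, local_port):
    """Return the proxy fields for login, or None when the user is unknown or
    is not in the group served by local_port. Both failures look identical,
    so a rejected login does not reveal which group a user belongs to."""
    name, sep, domain = login.partition("@")
    if not sep or not (BASE_PORT < local_port <= BASE_PORT + GROUPS):
        return None
    row = db.execute(
        # Bound parameters stand in for the %n and %d substitutions and for
        # the listener's local port.
        "SELECT pw_name || '@' || pw_domain, host, pw_dir FROM vpopmail "
        "WHERE pw_name = ? AND pw_domain = ? AND grp = ?",
        (name, domain, local_port - BASE_PORT),
    ).fetchone()
    if row is None:
        return None
    return {"user": row[0], "host": row[1], "proxy_maybe": "Y",
            "home": row[2], "mail_location": "maildir:%s/Maildir/" % row[2]}

if __name__ == "__main__":
    db = make_db()
    print(lookup(db, "alice@example.com", 9952))  # G23 listener: allowed
    print(lookup(db, "alice@example.com", 9936))  # G7 listener: rejected
```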