Jakob Bohm writes:
On 6/5/2013 1:21 PM, Taavi Kald wrote: > Hi, > > would be nice if Courier Imap server supported Proxy Protocol > (http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt)Interesting proposed protocol somehow not submitted as an internet draft for proper standardization. In reading the document I note that the original proposer has tested it against only one IMAP implementation, seen it fail and ignored the issue. I also note that the protocol, as fundamentally designed, is never going to work with any server whose layer 6 protocol parser code cannot be changed (such as any previously shipped close source products, such as those from MS and Apple). I also find that the protocol will be hard to implement in kernel or hardware level proxies, such as the NAT features in the Linux and BSD kernel, nor in similar high speed hardware implementations. Another specification flaw (but purely a specification issue) is that the specification suggests that servers are set up with extra IP addresses to receive proxied requests, plus extra firewall rules to prevent direct Internet access to the redundant listens. This is an extremely high overhead in a world with IPv4 exhaustion and protocol stacks that make it exceedingly difficult to properly handle multiple IP addresses (both Linux and NT fail miserably in this department). Only as a vague note late in the specification does it even mention the saner option of looking for proxy information only if the source IP is that of the proxies used.
Another specification flaw is the requirement that the server wait until it receives the proxy header. The first thing an IMAP server does is send its greeting; so this would only be applicable in 100% proxy environments, where all connections come from proxies, since the server won't send its greeting until it reads the header.
This is not unique to IMAP. Ditto for SMTP, POP3, etc…Furthermore, Courier-IMAP had its own built-in proxy, for a number of years. Which is far more sophisticated that generic protocol-level proxies. You need to run the server on the proxies themselves, and it will look up the server to proxy from the login ID, and then proxy the actual IMAP session to the server that the account really lives on. You can move mailboxes between servers, with no change to client-side configuration. So, just install a bunch of proxy servers that share the same DNS hostname, balance the load on the front end, and balance the back end by moving accounts (during downtime, of course).
You can take your logs from the proxy server directly.
pgpmPOjz18NHq.pgp
Description: PGP signature
------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. A cloud service to automate IT design, transition and operations 2. Dashboards that offer high-level views of enterprise services 3. A single system of record for all IT processes http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
