It seems to me they could have added something like a SOCKS5 header at the front of the stream to carry the source information.
You could distinguish it from a direct connection by listening on a different port (like http/https). That's not pretty, but better than wasting an IP address. And you'd still want to firewall that port from connections from anywhere except your trusted proxy, for obvious reasons. Also: if you're going to invent a new protocol for this, then you should make it stackable so that a request can be forwarded through a variable number of proxies, and the final endpoint can decode the path that the forwarding took. ------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. A cloud service to automate IT design, transition and operations 2. Dashboards that offer high-level views of enterprise services 3. A single system of record for all IT processes http://p.sf.net/sfu/servicenow-d2d-j _______________________________________________ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap