[Dovecot] Thinking Outside the Box - Extending IMAP

Eric Rostetter rostetter at mail.utexas.edu
Tue May 15 17:30:00 EEST 2007


Quoting Johannes Berg <johannes at sipsolutions.net>:

> On Mon, 2007-05-14 at 11:39 -0500, Eric Rostetter wrote:
>
>> You can set up an ssh tunnel on the server on any port.  The user then
>> sets up to connect to that port.  The authentication can be done any way
>> you want, or not at all.  We're not talking ssh logins to the server,
>> we're talking ssh tunneling.
>
> Actually, I was thinking ssh logins :)

Huh...  Not sure why, but...  This sounds like it would require both
ssh server modifications and e-mail client modifications.  As such,
you may not get a lot of buy-in to your idea.  At that point, you're
almost halfway to creating a new protocol anyway...

>  * the imap service you provide is a pre-authenticated imap session so
>    that authentication/encryption is in ssh. I read my mail this way all
>    the time.
>  * the ssh also provides a few other services that you can use

Seems to me that instead of adding plugins to dovecot and the e-mail client,
you've added "subsystems" and plugins to the ssh server and e-mail client.
So you've just traded one server/client combination for another.

> Thus, what you get is exactly what you want: a service that provides
> multiple virtual services within a single existing connection.

But since you've had to modify the client and server, why not just do this
with any old client/server protocol?  What is so special about ssh in this
case?

I'd rather just tunnel the imap via ssh, and use the existing ssh tunnel
to do pre-auth for other services...  Seems more trivial, as we're only
modifying the client, not the server...  But what do I know/care.  I've
always been happy with multiple protocols.

One reason I like multiple protocols, each with their own server code, is
that it scales well.  I can put each service on a separate machine if I
need to, I can re-prioritize them individually, I can proxy them with ease,
etc.  When you start jamming lots of protocols into one code base, not only
is it harder to audit and debug, it is harder to scale.  Yes, you can still
scale with load balancers and such, but that introduces additional cost and
complexity which isn't needed when the services are isolated.

But, I guess not everyone needs to scale, and not everyone is on the
server end (and yes, things always look different from the client end).

> johannes

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!