totheend-user.SimilarlyinIMAP4mode,perditionacceptstheLOGINcommandandp - PDF document

totheend-user.SimilarlyinIMAP4mode,perditionacceptstheLOGINcommandandpassestheusernameandpasswordsuppliedontothereal-serverspeciedinthepopmap.Whenperditionispipinginformationbetweentheend-userandreal-serveritdoesnotinterpretthedata,itmerelyreadsbytesfromtheend-userandsendsthentothereal-serverandviceversa.ThismeansthatperditiononlyunderstandsthePOP3andIMAP4commandsthatareusedintheauthenticationphase.Itdoesnotinterpretthecommunicationbetweentheend-userandthereal-server.ThisgreatlyreducestheamountofthePOP3andIMAP4protocolthatperditionneedstounderstand,reducingthecomplexityofthecode.Plain-Text,SSLandTLS Figure2:Plain-Text,SSLandTLSModesPerditioncanindependentlyacceptplain-text,SSLandTLS[7]connectionsfromend-usersandmakeplain-text,SSLorTLSconnectionstoreal-servers.Inthiswayperditioncanbeusedtobridgebetweenplain-text,SSLandTLSservices.Forexample,supposeasystemisrunningaPOPdaemonthatdoesnotsupportSSL,buttheenduserisdownloadingmailfromanSSLenabledclient.Byrunningperdition,listeningforSSLconnections,onthesameoranotherbox,andconnectingtotheplain-textonlydaemonanSSLPOPservicecanbeprovidedtoend-users.PopmapThedatabasethatperditionusestodeterminewhichserveranend-user'sconnectionshouldbeforwardedtoiscalledthepopmap.Thelookupfunctionsforthepopmapareprovidedbyaamap-librarywhosesymbolsareloadedatrun-time.Bycreatingdierentmap-librariesitispossibleforperditiontolookupuserinformationusinganydatabasesource.Thecurrentrevisionprovidesmap-librariestoresolvelookupsusingLDAP,ODBC,MySQL,PostgreSQL,GDBM,BerkeleyDB,POSIXRegularExpressionandNIS. InputThekeyforapopmaplookupistheusernameprovidedbytheend-user.Theusernamesuppliedbytheuserisreferredtoasthelongusername.Theportionofthelongusernamebeforetherun-timecongurabledomaindelimiter,anat-symbol('@')bydefault,isreferredtoastheshortusername.Theportionofthelongusernameafterthedomaindelimiterisreferredtoasthedomain.Thus,ifthedomaindelimiterisomitted,theshortusernameisthesameasthelongusernameandthereisnodomain. LongUsername ShortUsername Domain mary@verge.net.au mary vergenet.net bob bob - Figure3:UsernameComponentsQueryKeyPerditionisabletobuildupaquerykeyusingthecomponentsprovidedinthelongusernamebytheend-userandthesourceanddestinationIPaddressoftheconnection.Thequerykeyisbuiltupbyusingaformat-stringwhichcontainsacombinationofstring-literalsandescapesequences. EscapeSequence Entity nU longusername nu shortusername nD domaindelimiter nd domain ni sourceIPaddress nI destinationIPaddress np sourceport nP destinationport nn Literaln Figure4:QueryKeyEscapeSequencesMultiplekeysmaybeprovided.Acomma(',')isusedtodelimitkeys.Eachkeyisqueriedinorder,andtherstvalidresultretrievedisused.Forexample,searchfortheshortusername,domaindelimiteranddestinationIPaddressinthedatabase.Ifthisfailssearchfortheshortusername,domaindelimiterandthestring"default".\u\D\I,\u\DdefaultThus,perditionisabletosearchthedatabaseinavery exiblemanner.This exibilityallowsperditiontobedeployedforawiderangeofapplications.Asdiscussedintheapplicationssection. insomesituationsitisdesirabletoallowend-usersoutsideofthelocalnetworktorelayemailthroughaserver.Forexample,anemployeewhoisontheroadusingdial-upconnections.ProbablythebestsolutiontothisproblemistohaveclientsauthenticatethemselveswhensendingmailusingSMTPAUTH[5].Ifthisisnotpossible,POP/IMAPbeforeSMTPmaybeused.POP/IMAPbeforeSMTPworksbyrecordingtheIPaddressofend-usersthatareauthenti-catedforPOPorIMAPaccess.TheseIPaddressesareaddedtoalistofIPaddressesthatareallowedtorelaymail.TypicallyIPaddressesonthislistarevalidforawindowoftimeandareremovedfromthelistoncethiswindowexpires.PerditionlogsconnectionsinthreephasestoallowittoworkinconjunctionwithPOP/IMAPbeforeSMTPsoftwarewhichmonitorslogsandmaintainsalistofIPaddressesthatmayberelayed.Whenauserconnects:Connect:source ip address�[inetd pid=pid&#x]TJ/;༙ ;.9;U T; 9.;ą ;� Td;&#x[000;]Whenauserisauthenticated:Auth:source ip address�user="username&#x]TJ/;༙ ;.9;U T; 9.;ą ;� Td;&#x[000;"server="servername"&#x]TJ/;༙ ;.9;U T; 9.;ą ;� Td;&#x[000;port="port&#x]TJ/;༙ ;.9;U T; 9.;ą ;� Td;&#x[000;"status=failedjokWhenauserdisconnects:Close:source ip address�user="username&#x]TJ/;༙ ;.9;U T; 9.;ą ;� Td;&#x[000;"received=bytes&#x]TJ/;༙ ;.9;U T; 9.;ą ;� Td;&#x[000;sent=bytes&#x]TJ/;༙ ;.9;U T; 9.;ą ;� Td;&#x[000;GiventhatIMAPconnectionsmaylastforaverylongtime,manymailreaderskeepanIMAPconnectionopenuntiltheuserquitsthemailreader.Thustheconnectionmaybeopenformuchlongerthantheuser'sIPaddresswilllastinthePOP/IMAPbeforeSMTPrelaylist.Forthisreasonperditioncanbeconguredtoperiodicallyreissuethe"Auth"log.PerditionalsoprovidesaPOP/IMAPbeforeSMTPdaemon,perdition-pbs.Thisworksbymonitoringthesystemlogsforthe"Auth"line.ItaddstheIPaddressestoaBerkeleydatabase.Periodicallyentriesareexpiredfromthisdatabase.Perdition-PBScanbeusedinconjunctionwithsendmailbyaddingaruletosendmail.cfthatisabletousethisdatabaseasalistofhoststorelaymailfrom.Itcanalsobeusedinconjunctionwithqmailbyusingawrapperforqmail-smtpwhichsetstheRELAYCLIENTenvironmentvariableifaconnectionisreceivedfromanIPaddressinthedatabase.ItisthoughtthatbyusingTDBrepl[8],asimpledatabasereplicationsystembuiltontopofTDB[2],insteadofBerkeleyDBfortheback-enddatabaseitispossibletouseperdition-pbsinadistributedenvironment.ApplicationsTheoriginaldesignandimplementationofperditionwasintendedtoallowamailservicetogrowbeyondasinglemachine.However,itsoonbecameapparentthatitcouldbeusedto User-SuppliedDomainNameUsersmaysupplyadomainnamewhenconnectingtotheperdition-director.Thisisdonebyfollowingtheirusernamewithadomaindelimiterandthedomainname.Perditioncanusethisdomaintodistinguishbetweentwoend-usersfromdierentdomainswiththesameusernameandcanmaptheusernamesuchthatontheunderlyingreal-servertheusershavedierentusernames.Forexample,bob@foo.combecomesbob1andbob@bar.combecomesbob2.Perditionthenopensupaconnectiontothereal-server,whichcouldbethesamehostastheperdition-directorandaccessesthemappeduseraccount.Thissystemworksparticularlywellinanenvironmentwhereend-usersalreadyhavetheirmail-clientsconguredtoincludethedomainnameaspartoftheirloginname.Perdition-DirectorwithMultipleIPAddressesAnotherapproachtoidentifyingend-usersbasedontheirdomainistoconguretheperdition-directorwithmultipleIPaddresses.Thus,inDNSadierentIPaddresscanbeusedforeachdomain.TheIPaddressthatanend-userconnectstocanbeusedaspartofthequerykeyforthedatabaselookup.Thusisbob@foo.comconnectstopop3.foo.com,thenthedatabaselookupcouldbebob@10.0.0.1.Similarlythelookupforbob@bar.comcouldbebob@10.0.0.2.Again,thiscanbeusedtomapthetwoBob'stoauniqueusernameandconnecttothecorrespondingreal-server. Figure7:Perdition-DirectorwithMultipleIPAddressesThisapproachisparticularlyusefulinanenvironmentwhereend-usershavenotalreadysetuptheirmail-clientstosupplytheirdomainaspartoftheirlogininformation.End-userscontinuetoaccesstheiremailusingthesamePOPorIMAPserverasbefore.Perditionisabletodirecttheirrequesttothecorrectmailboxbasedoninformationabouttheconnectionitself.ThedisadvantageofthisapproachisthatitrequireseachdomaintohaveaseparateIPaddressforitsPOPandIMAPservers.Essentially,havingtheusersupplyadomainnameisequivalenttoanHTTPname-basedvirtualhost[3].WhileconguringperditionwithmultipleIPaddressesisequivalenttoanIP-basedvirtual-host.Bothtechniquesmaybeusedsimultaneouslyonthesameperdition-directorfordierentdomains. MigrationSometimeswhennewmailinfrastructureisdeployeditisusefultomigrateend-usersgraduallyfromtheexistingsystemtothenewsystem.Usingperditionthiscanbedonewithoutend-usersneedingtochangetheirsettings. Figure8:UsingPerditiontoMigrateaMailServiceSupposethatanorganisationhasaPOPserver,pop3.foo.comandwanttograduallymoveend-usersovertoanewserver.ThiscanbedonebyhavingperditionsetupwiththeIPaddressofpop3.foo.comandthenewandoldserverssetupasrealservers.Thepopmapontheperditiondirectorcanbeusedtodeterminewhichend-usershavetheirconnectionsforwardedtotheoldserverandwhichend-usershavetheirconnectionsforwardedtothenewserver.Oncealltheend-usershavebeenmigratedtothenewserver,theperditiondirectorcanberemoved.FirewallPerditioncanbeusedaspartofarewalltoproxyoutgoingPOPandIMAPrequests.End-users'connectionscanbeforwardedtoanexternalreal-serveraccordingtoapopmap.Alter-natively,perditioncanbeconguredtousethedomainsuppliedbytheend-user'smail-clientastherealservertoconnectto.Forexample,ifanend-userconnectstotheperditiondirectorandlogs-inasbob@pop3.foo.com,thenperditionwillconnecttheusertopop3.foo.com.Perditioncanalsobeconguredtoauthenticatetheuser,thuslimitingaccess.Thisis,however,extremelylimitedasthesameusernameandpasswordisusedtoauthenticatewithbothperditionandtherealserver.Itisimportanttonote,thatoncetheuserisauthenticatedwiththereal-server,perditiondoesnotinterpretthePOPorIMAPcommandssentbytheend-user'smail-clientortheresponsessentbythereal-server.Thus,itcannotbeusedtoprotectreal-serversfrommaliciousend-usersorviceversa. AvailabilityPerditionisimplementedinC.ItisavailableunderthetermsoftheGNUGeneralPublicLicencefromhttp://www.vergenet.net/linux/perdition/.ItisalsodistributedaspartofDebianGNU/Linux.TheprimarydevelopmentplatformforperditionisLinux,althoughitisknowntoworkwellonotherUnixesincludingSunSolarisandFreeBSD.Contributionsandbugreportsarealwaysmorethanwelcome.ConclusionPerditionprovidesa exiblewaytoproxyPOPandIMAPconnectionsfromend-userstooneormorereal-servers.Pipex,anISPintheUnitedKingdom,WorldComEurope,BelgacomSkynet,thelargestISPinBelgium,OhioStateUniversity,SoVerNet,andISPinVermont,USA,Fastmail.FM,andNetCologe,andISPinColonge,GermanyareusingPerditionasafront-endtomultiplereal-servers.GPS-TechnikinSwitzerlandandOspreyNetworkTechnologiesinKansas,USAareusingperditiontotranslateaccountnamesforend-userswhenintegratingmailservicestogether.Thesesystemsusearangeofdatabase-backends,includingLDAP,MySQLandBerkelyDB.Thesizeofthesedeploymentsrangefrom2,500toinexcessof250,000accountswithupto8real-servers.References[1]M.Crispin.Rfc1730:Internetmessageaccessprotocol{version4,December1994.http://www.ietf.org/rfc/rfc1730.txt.[2]AndrewTridgeletal.Tdb{trivialdatabase.http://sourceforge.net/projects/tdb/.[3]TheApacheSoftwareFoundation.Apachevirtualhostdocumentation.http://httpd.apache.org/docs/vhosts/.[4]SimonHorman.Highcapacityemail,November1999.http://vergenet.net/linux/mail farm/.[5]J.Myers.Rfc2554:Smtpserviceextensionforauthentication,March1999.http://www.ietf.org/rfc/rfc2554.txt.[6]J.MyersandM.Rose.Rfc1939:Postoceprotocol{version3,May1996.http://www.ietf.org/rfc/rfc1939.txt.[7]C.Newman.Rfc2595:Usingtlswithimap,pop3andacap,June1999.http://www.ietf.org/rfc/rfc2559.txt.[8]LiamWiddowson.Tdbrepl{thetrivialdatabasereplicationsystem.http://tdbrepl.inodes.org/.SpecialthankstoKsh,Raster,Alex,Jake,JohnFerlitoandNerdyAmandaLin.