[ale] Re: Many domains, one Cyrus

djinn at djinnspace.com
Thu Oct 4 19:22:09 EDT 2001


I did not, until this evening, know about the IMAPv4 limitation.  That
definitely puts a damper on things.

Right now I'm thinking of two solutions:
1) some sort of IMAP proxy that intercepts requests, looks up the real
username for the given alias (since I'm using mysql to handle the aliases on
the MTA side, this should be fairly easy), and makes the request of Cyrus
using the real username.   (a la Matt Prigge's suggestion, thanks Matt!!)
Of course, as Michael pointed out, the drawback to this is that it doesn't
*really* solve the problem, just makes the unique user names a bit tidier.
 This is a possibility, since it would be easier to say to the client that
they must tack on their domain name instead of handing them some bizarre new
user id.

or

2) bind multiple Cyrii to different, non-143 ports.  When my router notices a
request for mail.client1.com:143, it redirects to client1's real port on the
IMAP server.  The IMAP protocol doesn't have domain built in, but the packets
do have enough information that I think I could reliably route this way.

Feedback on either of these solutions is, of course, most welcome.  What is
the performance cost of running many cyrus master processes with a handful of
concurrent connections each, versus one master with many concurrent?

Thanks for the detailed response.  I am in charge of migrating our many
domains from outsourced mail servers running IMail, one domain per IP (large
ISP with IPs to spare) to our single box with a single IP.  And my boss keeps
saying "Well, if THEY can do it, and on WINDOWS, what's taking you so
long!?"  :P  It's been a long, frustrating journey so far, and the help is
very much appreciated.

Cheers
jenn

Michael Fair wrote:

> You cannot, at this time, have multiple domains and one Cyrus
> in the way you want it.  There's nothing more to say.  Given
> the current constraints it cannot be done.  You must go to a
> multiple Cyrus solution unless you are willing to change
> login identifiers.
>
> To accomplish this using only one machine and without changing
> login IDs you must use 1 IP address per domain and run multiple
> master processes.
>
> You can either create "jails" via chroot, or you can specify
> the -c parameter to read different configuration files for
> each of the master processes.  See the archives for instructions.
>
> Even if you were to hack the source code you could not do
> what you wanted.  This is a design limitation in the IMAPv4
> specification, or DNS, or both depending on how you want to
> look at it.  Unlike HTTP 1.1, the domain name an IMAP
> client is trying to contact is not listed as part of the
> greeting parameters and therefore the only information the
> server has to distinguish domain information comes from
> the login id.  I've been over it, it cannot be done.  The
> closest I got was modifying the IMAP clients to use SVR
> record lookups rather than A record lookups and run the
> different domains on different ports of the same IP, but
> this is not a generic solution because ALL IMAP clients
> would have to contact the servers via SVR records.
>
> You can use fully qualified email addresses as login IDs.
> "username at domain.dom" can be used with the heirer-sep patch
> which converts the hierarchy separator character to "/"
> instead of ".".  This is what I recommend.  This is the
> easiest for your end users to understand, and provides
> for other options in the future (like domain grouped
> shared folders) in the easiest most straightforward manner.
>
> Beyond that there are other source code changes that
> can be made to give an even more clean separation between
> domains in the server which you could work on, but it
> is impossible to create web-like virtual domains
> with IMAP due to design limitations.  I hope IMAPv5 or
> whatever becomes the official standard fixes this
> limitation as it currently is the bane of many an
> ISP's existence (including my own.  We essentially
> dropped our whole IMAP transition as a result of too
> many engineering and plausible complication problems
> (like scaling)).
>
> Good Luck,
> -- Michael --
>
> On Thu, 2001-10-04 at 07:46, djinn wrote:
> > I am looking for a way to set up cyrus (2.0.9) to deliver to mail boxes
> > that are unique within their domain but not necessarily across the
> > entire server.
> >
> > For example, we have a client named Chris Primus, chris at client1.com.
> > We have another client, Christopher Secundus, chris at client2.com.
> >
> > These are obviously not the same people, and their mail should go to
> > different mailboxes.  The obvious and oft-suggested method for this is
> > to create mailboxes named chris.client1 and chris.client2 and map,
> > either with aliases or LDAP, chris at client1.com->chris.client1.
> >
> > This is fine and works well once you get it set up (I have).  However,
> > both Chris's have existing accounts with us, both Chris's pay us a lot
> > of money and both Chris's are not technically savvy and will get very
> > annoyed if I call them up and tell them that they have to change their
> > Outlook mail settings to log in as a new, harder to remember username to
> > check their mail.  I have read that Cyrus can handle this sort of
> > thing.  Can anyone who's faced a similar situation help me out?
> >
> > TIA
> > jenn


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info
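
The alias-rewriting IMAP proxy floated as option 1 in the message above, sketched as an added example (not code from the thread or from Cyrus). The alias table is a constructed stand-in for the MySQL lookup, and only the plain LOGIN command with atom or quoted-string arguments is handled; literals are refused rather than guessed at.

```python
import re

# Constructed alias table standing in for the MySQL alias lookup in the post.
ALIASES = {
    "chris@client1.com": "chris.client1",
    "chris@client2.com": "chris.client2",
}

# An IMAP astring as a quoted string or an atom; "{n}" literals do not match.
_ASTRING = rb'("(?:[^"\\\r\n]|\\["\\])*"|[^\s"(){%*\\]+)'
_LOGIN = re.compile(
    rb'^(\S+) LOGIN ' + _ASTRING + b' ' + _ASTRING + rb'\r\n\Z', re.IGNORECASE)


def _unquote(tok: bytes) -> str:
    """Decode an atom or quoted string into the login name it carries."""
    if tok.startswith(b'"'):
        tok = re.sub(rb'\\(["\\])', rb'\1', tok[1:-1])
    return tok.decode("ascii")


def _quote(s: str) -> bytes:
    """Re-encode a mailbox owner name as an IMAP quoted string."""
    return b'"' + s.replace("\\", "\\\\").replace('"', '\\"').encode("ascii") + b'"'


def rewrite_login(line: bytes, aliases=ALIASES):
    """Return (line_for_backend, error_reply); exactly one is not None."""
    parts = line.split(b" ", 2)
    if len(parts) < 2 or parts[1].rstrip(b"\r\n").upper() != b"LOGIN":
        return line, None  # not a LOGIN: pass through untouched
    m = _LOGIN.match(line)
    if not m:
        # Literals, embedded CR/LF and malformed quoting are refused, so a
        # crafted user name cannot smuggle a second command to the backend.
        return None, parts[0] + b" BAD unsupported LOGIN syntax\r\n"
    tag, user_tok, pass_tok = m.groups()
    try:
        login = _unquote(user_tok).lower()  # assumption: case-insensitive logins
    except ValueError:
        return None, tag + b" NO LOGIN failed\r\n"
    real = aliases.get(login)
    if real is None:
        # A bare "chris" lands here: nothing in the command names the domain.
        return None, tag + b" NO LOGIN failed\r\n"
    # The password token was validated by the regex and is forwarded verbatim.
    return tag + b" LOGIN " + _quote(real) + b" " + pass_tok + b"\r\n", None
```

AUTHENTICATE (SASL) exchanges are not translated by this sketch and would reach the backend with the alias unchanged.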





