[imp] imp for hosting many domains

jlewis@lewis.org jlewis@lewis.org
Sun, 11 Aug 2002 00:25:28 -0400 (EDT)


I recently posted some questions about how to efficiently setup IMP to 
serve many domains, and didn't find any clear/complete instructions for 
this in the list archive.  A few people have even emailed me asking if I 
got any replies or made any progress.

I ended up figuring out a method that appears to work very well for me.  
Your mileage may vary.  For the sake of not repeating what's already been 
done, I'll assume you're familiar with
 
Installation guide "IMP 3.0 on RedHat 7.2" http://www.geocities.com/oliversl/imp/

This is a link on the horde web site pointing to step by step instructions
for installing IMP 3.0 on Red Hat 7.2 done by Oliver Schulze L.  
Substituting the most recent versions, horde-2.1, imp-3.1, turba-1.1, and 
Red Hat 7.3, these instructions are still quite helpful.

In my setup, I have qmail+vpopmail handling virtual domains.  I installed
courier imap on the qmail server.  I have IMP running on its own server.  
My goal was to make any domain on the qmail+vpopmail server (or any
qmail+vpopmail server we happen to setup) able to use IMP without having
to manually configure anything on the IMP server for each domain.

The first thing I did was a variation on the servers.php code I think was
originally posted by jimmy@firstlink.com.au.

// Virtual domain handling

//This extracts the domain name like webmail.example.com to example.com
$this_domain=substr(getenv('HTTP_HOST'),strpos(getenv('HTTP_HOST'),'.')+1);
//append mail host to domain, most server with mail like mail.example.com
$this_mail_server='mail.'.$this_domain;
$this_mail_protocol='imap/notls';
$this_mail_port=143;
$this_mail_folder='INBOX.';
$this_mail_namespace='';
$this_mail_smtphost='smtp.'.$this_domain;
$this_mail_realm='';

$servers[$this_domain] = array(
        'name' => $this_domain,
        'server' => $this_mail_server,
        'protocol' => $this_mail_protocol,
        'port' => $this_mail_port,
        'folders' => $this_mail_folder,
        'namespace' => $this_mail_namespace,
        'maildomain' => $this_domain,
        'smtphost' => $this_mail_smtphost,
        'realm' => $this_mail_realm,
);

I then setup a imp_get_vinfo function by doing the following in 
imp/config/conf.php:

$conf['hooks']['vinfo'] = 'imp_get_vinfo';
if (!function_exists('imp_get_vinfo')) {
    function imp_get_vinfo ($type = 'username') {
        global $conf, $imp;

        $vdomain = getenv('HTTP_HOST');
        $vdomain = preg_replace('|^webmail\.|i', '', $vdomain);
        $vdomain = strtolower($vdomain);

        if ($type == 'username') {
            return (preg_replace('|@.*|', '', $imp['user']) . '@' . $vdomain);
        } elseif ($type == "vdomain") {
            return $vdomain;
        } else {
            return new PEAR_Error('invalid type: ' . $type);
        }
    }
}

Now it turned out the real trick was disabling UseCanonicalName in 
httpd.conf.  This is the setting that will cause apache to generate URL's 
pointing to the wrong host/domain when trying to do a mass virtual hosting 
IMP where everyone has webmail.theirdomain.com pointing to the same A 
record.

With UseCanonicalName off, and the above IMP settings, any domain that has
a webmail hostname can use IMP providing they have an imap server
available at mail.theirdomain and that imap server expects logins in the
format user@theirdomain.  The only configuration needed is setting up the
domain on the mail server and making a webmail.domain A or CNAME record
pointing to the IP or hostname of the IMP server.

I did make some small cosmetic changes to compose.php, mostly just to 
alter the IMP added Received: line which would add user@domain...since in 
my case user is already user@domain, it was adding 
user@domain@webmail.domain.  This is also why I have set the realm to ''.  
Initially, I was setting it to webmail.$this_domain, but that resulted in 
prefs and turba objects being owned by user@domain@webmail.domain...not 
really a problem, but kind of messy looking.

With the above imp_get_vinfo function, users are supposed to log in as
just user and imp displays the @theirdomain to the right of the username
box...but if they mess up and log in as user@domain (you know they
will...I even did it several times out of habit) it'll strip off
everything right of and including the @ and build their username based on
the URL they used to get to IMP.

Incidentally, there is a bug in the latest stable release of vpopmail that 
causes authentication failures with courier's authdaemond.  This can be 
solved by upgrading vpopmail to the latest development version (I wasn't 
interested in that) or by doing some very minor hacking in authdaemond to 
work around the vpopmail bug.  Contact me off-list if you want more info 
on the workaround.

For security reasons, I highly recommend limiting which imap servers your 
virtual hosting IMP is willing to talk to.  Otherwise, people could use 
your IMP unexpectedly, or worse, spam through it.  I'm using ipchains on 
the IMP server to limit outgoing connections to port 143 to only 
authorized mail servers.
 
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________