[imp] IMP + virtual domains/usernames + single SSL host (HOWTO)

Jussi Paju Jussi.Paju at iki.fi
Mon Mar 26 11:46:18 UTC 2007


Hi,

I've been digging around the list archive for days and found a lot of 
messages somewhat relevant, but still couldn't find the ultimate 
solution, hence this post and my solution.

I've got DBMail and end-user configurable (system wide) usernames so I 
need to tell them apart somehow internally without being able to control 
the naming scheme. This was accomplished by a custom made admin GUI 
which automatically appends client domain to the usernames internally 
(admin sees only "localpart" as username when usernames are actually 
stored like localpart@clientdomain in the DB).

The greatest problem with Horde/IMP was that I needed to redirect user 
from

http://webmail.customer.tld/
to
https://ssl.provider.tld/horde/imp

*before* logging in and still to be able to tell from which domain the 
user is coming from.

I wanted the solution (read: Horde/IMP) still to be as upgradeable as 
possible, meaning as few modifications to Horde-distributed scripts as 
possible to make the later updates easier.

First I tried simply a GET-parameter but that got discarded f.ex. when 
user misspelled username or password so I needed to find another 
approach, a cookie.

So, I created one virtualhost which is configured to handle all the 
webmail. -addresses, both clients and providers. If the request comes to 
any of the webmail.[customer.tld] -addresses, it's redirected to 
http://webmail.provider.tld/?maildomain=[customer.tld] and after that, 
the same script sets a cookie "maildomain" that has value "customer.tld" 
and ".provider.tld" as host and redirects request to 
https://ssl.provider.tld/horde/imp/

The helper host webmail.provider.tld might even be absolutely 
unnecessary but I used it to make sure that the cookie gets set 
properly. The helper hostname can be anything (f.ex. in case one wants 
to use webmail.provider.tld for the SSL), just change it in the script 
below and configure Apache vhost accordingly ($helperhost and 
webmail.customer.tld -addresses pointing to the same vhost).

.../htdocs/webmail.provider.tld/index.php:
--clip--
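<?php
$mydomain     = ".provider.tld"; // Keep the dot at the beginning!
$myhelperhost = "webmail" . $mydomain;
$mysslhost    = "ssl" . $mydomain;
if (substr($_SERVER['HTTP_HOST'], -strlen($mydomain)) === $mydomain) {
     // Request reached the helper host: store the customer domain in a cookie
     // valid for all of .provider.tld, then go to the SSL host.
     // No maildomain parameter means an empty value, which deletes the cookie.
     $maildomain = isset($_GET['maildomain']) ? $_GET['maildomain'] : '';
     setcookie("maildomain", $maildomain, time()+60*60*12, "/", $mydomain);
     header("Location: https://" . $mysslhost . "/horde/imp/");
} else {
     // Request came in on webmail.[customer.tld]: strip the leading "webmail."
     // and hand the customer domain to the helper host.
     $maildomain = preg_replace('/^webmail\./', '', $_SERVER['HTTP_HOST']);
     header("Location: http://" . $myhelperhost . "/?maildomain=" . urlencode($maildomain));
}
exit;
?>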
--clip--

To add some security, I've taken the script even further with a checksum 
and a lightweight domain validation. The basic script above still works 
as it is.

Then, I made only small adjustments to horde/config/hooks.php by adding 
this:

--clip--
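// Define the vinfo hook only when the redirect script has set the cookie;
// without the cookie IMP behaves as if no hook existed.
if ( (!function_exists('_imp_hook_vinfo')) && (isset($_COOKIE['maildomain'])) ) {
     function _imp_hook_vinfo($type = 'username') {

         // Customer domain from the cookie (the value is client-supplied).
         $vdomain = $_COOKIE['maildomain'];

         if ($type == 'username') {
             // Internal login name: localpart typed by the user + '@' + domain.
             return $_SESSION['imp']['user'] . '@' . $vdomain;
         } elseif ($type == 'vdomain') {
             return $vdomain;
         } else {
             return PEAR::raiseError('invalid type: ' . $type);
         }
     }
}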
--clip--

And voila, if user comes from http://webmail.customer.tld, the vinfo 
kicks in and if user doesn't have the cookie, everything works as before 
any of this because _imp_hook_vinfo doesn't get defined. There is even a 
way to remove the cookie before the defined time has passed, just go 
directly to http://webmail.provider.tld and the cookie gets deleted.

The End.

P.S. According to my close friend Mr Murphy, because I've spent hours 
and hours first trying to resolve my problem and now writing this post, 
there has to be a way to do this with a snap. ;)

-- 
Jussi Paju
  - luoja, creator -

:: Te audire no possum. Musa sapientum fixa est in aure.
:: I can't hear you. I have a banana in my ear.
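
The post mentions a checksum and a lightweight domain validation without showing them. The following is an added example, not the author's code: one way to do both in PHP 5.6+, so that the hook in hooks.php only uses a cookie value that the redirect script has validated and signed. The key constant, the function names and the `domain|mac` cookie layout are assumptions.

```php
<?php
// Added example; every name here is hypothetical and not part of Horde/IMP.
// Assumption: the same secret is readable by index.php and by hooks.php.
const MAILDOMAIN_KEY = 'replace-with-a-long-random-secret';

// Lightweight syntax check: lowercase letter/digit/hyphen labels, at least
// two labels, at most 253 characters. /D stops "$" matching before a newline.
function maildomain_is_valid($domain)
{
    if (!is_string($domain) || strlen($domain) > 253) {
        return false;
    }
    return preg_match('/^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/D', $domain) === 1;
}

// Redirect-script side: build the cookie value "domain|hmac".
// Returns null when the domain fails validation, so no cookie should be set.
function maildomain_sign($domain)
{
    $domain = strtolower(trim($domain));
    if (!maildomain_is_valid($domain)) {
        return null;
    }
    return $domain . '|' . hash_hmac('sha256', $domain, MAILDOMAIN_KEY);
}

// Hook side: return the domain, or null if the value is malformed or the
// MAC does not match. hash_equals() compares in constant time.
function maildomain_verify($cookie)
{
    if (!is_string($cookie) || substr_count($cookie, '|') !== 1) {
        return null;
    }
    list($domain, $mac) = explode('|', $cookie);
    if (!maildomain_is_valid($domain)) {
        return null;
    }
    $expected = hash_hmac('sha256', $domain, MAILDOMAIN_KEY);
    return hash_equals($expected, $mac) ? $domain : null;
}

// Constructed sample values, run from the command line.
$good = maildomain_sign('Customer.TLD');
var_dump(maildomain_verify($good));                            // signed value round trip
var_dump(maildomain_verify('other.tld|' . substr($good, 13))); // MAC reused for another domain
var_dump(maildomain_sign("evil.tld\r\nSet-Cookie: x=1"));      // CR/LF in the supplied value
```

In the hook, `_imp_hook_vinfo` would call `maildomain_verify($_COOKIE['maildomain'])` and fall back to the plain username when it returns null, instead of appending the raw cookie value to the login name.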

