[imp] IMP + virtual domains/usernames + single SSL host (HOWTO)
Jussi Paju
Jussi.Paju at iki.fi
Mon Mar 26 11:46:18 UTC 2007
Hi,
I've been digging around the list archive for days and found a lot of
messages somewhat relevant, but still couldn't find the ultimate
solution, hence this post and my solution.
I've got DBMail and end-user configurable (system wide) usernames so I
need to tell them apart somehow internally without being able to control
the naming scheme. This was accomplished by a custom made admin GUI
which automatically appends client domain to the usernames internally
(admin sees only "localpart" as username when usernames are actually
stored like localpart@clientdomain in the DB).
The greatest problem with Horde/IMP was that I needed to redirect user
from
http://webmail.customer.tld/
to
https://ssl.provider.tld/horde/imp
*before* logging in and still to be able to tell from which domain the
user is coming from.
I wanted the solution (read: Horde/IMP) still to be as upgradeable as
possible, meaning as few modifications to Horde-distributed scripts as
possible to make the later updates easier.
First I tried simply a GET-parameter but that got discarded f.ex. when
user misspelled username or password so I needed to find another
approach, cookie.
So, I created one virtualhost which is configured to handle all the
webmail. -addresses, both clients and providers. If the request comes to
any of the webmail.[customer.tld] -addresses, it's redirected to
http://webmail.provider.tld/?maildomain=[customer.tld] and after that,
the same script sets a cookie "maildomain" that has value "customer.tld"
and ".provider.tld" as host and redirects request to
https://ssl.provider.tld/horde/imp/
The helper host webmail.provider.tld might even be absolutely
unnecessary but I used it to make sure that the cookie gets set
properly. The helper hostname can be anything (f.ex. in case one wants
to use webmail.provider.tld for the SSL), just change it in the script
below and configure Apache vhost accordingly ($helperhost and
webmail.customer.tld -addresses pointing to the same vhost).
.../htdocs/webmail.provider.tld/index.php:
--clip--
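<?php
$mydomain     = ".provider.tld"; // Keep the dot at the beginning!
$myhelperhost = "webmail" . $mydomain;
$mysslhost    = "ssl" . $mydomain;

if ( substr($_SERVER['HTTP_HOST'], -strlen($mydomain)) == $mydomain) {
    // Request arrived on the provider's helper host: store the customer
    // domain in a cookie scoped to .provider.tld, then go to the SSL host.
    // With no maildomain parameter the empty value deletes the cookie.
    $maildomain = isset($_GET['maildomain']) ? $_GET['maildomain'] : '';
    setcookie("maildomain", $maildomain, time()+60*60*12, "/", $mydomain);
    header("Location: https://" . $mysslhost . "/horde/imp/");
} else {
    // Request arrived on webmail.[customer.tld]: strip the "webmail." prefix
    // and pass the customer domain on to the helper host.
    $maildomain = str_replace("webmail.", "", $_SERVER['HTTP_HOST']);
    header("Location: http://" . $myhelperhost . "/?maildomain=" . urlencode($maildomain));
}
exit;
?>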
--clip--
To add some security, I've taken the script even further with a checksum
and a lightweight domain validation. The basic script above still works
as it is.
Then, I made only small adjustments to horde/config/hooks.php by adding
this:
--clip--
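if ( (!function_exists('_imp_hook_vinfo')) && (isset($_COOKIE['maildomain'])) ) {
    // Defined only when the maildomain cookie is present; without it
    // IMP behaves as before.
    function _imp_hook_vinfo($type = 'username') {
        // Customer domain as set by the redirect script (client-supplied cookie).
        $vdomain = $_COOKIE['maildomain'];
        if ($type == 'username') {
            // Full login name: localpart@customerdomain
            return $_SESSION['imp']['user'] . '@' . $vdomain;
        } elseif ($type == 'vdomain') {
            return $vdomain;
        } else {
            return PEAR::raiseError('invalid type: ' . $type);
        }
    }
}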
--clip--
And voila, if user comes from http://webmail.customer.tld, the vinfo
kicks in and if user doesn't have the cookie, everything works as before
any of this because _imp_hook_vinfo doesn't get defined. There is even a
way to remove the cookie before the defined time has passed, just go
directly to http://webmail.provider.tld and the cookie gets deleted.
The End.
P.S. According to my close friend Mr Murphy, because I've spent hours
and hours first trying to resolve my problem and now writing this post,
there has to be a way to do this with a snap. ;)
--
Jussi Paju
- luoja, creator -
:: Te audire no possum. Musa sapientum fixa est in aure.
:: I can't hear you. I have a banana in my ear.
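
The post mentions a checksum and a lightweight domain validation but does not show them. The following is an added example, not the author's code, of one way such a check could look: the redirect script would store `maildomain_pack($maildomain)` in the cookie and the hook would take its domain from `maildomain_unpack($_COOKIE['maildomain'])`. The function names, the key constant and the `domain|expiry|hmac` cookie layout are assumptions.

```php
<?php
// Added example, not the author's script. Names, key and cookie layout are assumptions.
const MAILDOMAIN_KEY = 'REPLACE-WITH-RANDOM-SECRET'; // placeholder; keep the real key outside the docroot

// Lightweight validation: lowercase DNS labels only, so nothing but [a-z0-9.-]
// can reach the login name built in _imp_hook_vinfo().
function maildomain_is_valid($domain)
{
    return is_string($domain) && strlen($domain) <= 253
        && preg_match('/^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/', $domain) === 1;
}

// Cookie value "<domain>|<expiry>|<hmac>": the checksum covers domain and expiry.
function maildomain_pack($domain, $ttl = 43200) // 12 hours, as in the post
{
    if (!maildomain_is_valid($domain)) {
        return null; // never sign a value that fails validation
    }
    $expires = time() + $ttl;
    return $domain . '|' . $expires . '|' . hash_hmac('sha256', $domain . '|' . $expires, MAILDOMAIN_KEY);
}

// Returns the verified domain, or null when the value is malformed, altered or expired.
function maildomain_unpack($value)
{
    $parts = is_string($value) ? explode('|', $value) : array();
    if (count($parts) !== 3) {
        return null;
    }
    list($domain, $expires, $mac) = $parts;
    $expected = hash_hmac('sha256', $domain . '|' . $expires, MAILDOMAIN_KEY);
    if (!hash_equals($expected, $mac)) { // constant-time compare, PHP >= 5.6
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < time() || !maildomain_is_valid($domain)) {
        return null;
    }
    return $domain;
}

// Constructed sample values: a round trip and two inputs that must be rejected.
$cookie = maildomain_pack('customer.tld');
var_dump(maildomain_unpack($cookie));                                   // untouched value
var_dump(maildomain_unpack(str_replace('customer', 'other', $cookie))); // domain edited after signing
var_dump(maildomain_unpack('customer.tld'));                            // plain, unsigned value
```

Because the Host header and the `maildomain` parameter are both sent by the client, the HMAC only shows that the value passed through the redirect script; the syntax check, or a lookup against the list of hosted domains, is what bounds what ends up in the login name.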