1

I'm thinking about a solution for the following scenario. We have an internal email server which can currently be reached from the internet via HTTPS and IMAP(S).

Now I need to integrate an external application which will do two-way-sync of one specific mailbox using IMAP. However, I don't want to just open port 993/TCP so any mailbox can be accessed via IMAP over the internet. Since we don't use IMAP internally, one possibility would be to disable IMAP for all mailboxes that don't need it.

Another solution that would work without opening up a port at all would be to sync messages from the internal mailbox to an external, publicly accessible mailbox using a tool such as imapsync. I'm just afraid this might not be the most reliable solution.

What I'd prefer is to set up an IMAP proxy server (with SSL of course) that would filter connections by user and would only allow white-listed users to actually connect to our internal IMAP server. I didn't find any software that is able to do this out of the box. The thing that comes closest is a scripted solution using nginx and Perl - not maintained and might have security issues. Does anyone know of an IMAP proxy that is able to do filtering or pre-authentication?

Thanks!

Jan
  • 13
  • 4
  • This is off topic because StackOverflow doesn't do recommendations. However, have you considered using IMAP through an HTTPS or SOCKS proxy, with authentication? A lot of software doesn't support it, but if yours does, that might be a solution. – Max Apr 24 '18 at 15:55
  • Hi Max, apologies - I wasn't aware this kind of question was off-topic. Connection through a SOCKS proxy is not an option, unfortunately, because I don't control the client application. However, I just thought of something else: I might just restrict IMAP access to a specified range of IP addresses. – Jan Apr 26 '18 at 11:23
  • hi there, looks very similar to this question: https://stackoverflow.com/q/74480207/3880225 – cilap Jan 08 '23 at 19:53

0 Answers0