IMAP proxy with authentication - filter

I'm thinking about a solution for the following scenario. We have an internal email server which can currently be reached from the internet via HTTPS and IMAP(S).
Now I need to integrate an external application which will do two-way-sync of one specific mailbox using IMAP. However, I don't want to just open port 993/TCP so any mailbox can be accessed via IMAP over the internet. Since we don't use IMAP internally, one possibility would be to disable IMAP for all mailboxes that don't need it.
Another solution that would work without opening up a port at all would be to sync messages from the internal mailbox to an external, publicly accessible mailbox using a tool such as imapsync. I'm just afraid this might not be the most reliable solution.
What I'd prefer is to set up an IMAP proxy server (with SSL of course) that would filter connections by user and would only allow white-listed users to actually connect to our internal IMAP server. I didn't find any software that is able to do this out of the box. The thing that comes closest is a scripted solution using nginx and Perl - not maintained and might have security issues. Does anyone know of an IMAP proxy that is able to do filtering or pre-authentication?
Thanks!
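
An added example, not part of the original post: nginx's mail proxy asks an HTTP endpoint (its `auth_http` directive) to approve each login, which is one place to put the per-user allow-list described above. The mailbox name, backend address and listening port are assumptions; nginx then logs in to the internal server with the client's own credentials, so the password is still checked there.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions (not from the original post): mailbox name and backend address.
ALLOWED_USERS = {"sync-mailbox@example.com"}   # constructed allow-list
BACKEND = ("192.0.2.10", 143)                  # internal IMAP server (IP, port)


def decide(headers, allowed=ALLOWED_USERS, backend=BACKEND):
    """Map nginx auth_http request headers to the response headers."""
    user = (headers.get("Auth-User") or "").strip().lower()
    proto = (headers.get("Auth-Protocol") or "").lower()
    # One generic error for every rejection, so the proxy does not
    # reveal which accounts are on the allow-list.
    deny = {"Auth-Status": "Invalid login or password", "Auth-Wait": "3"}
    if proto != "imap" or not headers.get("Auth-Pass"):
        return deny
    if user not in allowed:
        return deny
    # Allowed: tell nginx which backend to connect to. Auth-Server must be
    # an IP address; the backend verifies the password itself.
    return {"Auth-Status": "OK",
            "Auth-Server": backend[0],
            "Auth-Port": str(backend[1])}


class AuthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        result = decide(self.headers)
        self.send_response(200)   # nginx reads the verdict from the headers
        for name, value in result.items():
            self.send_header(name, value)
        self.end_headers()


if __name__ == "__main__":
    # Bind to loopback only: nginx is the sole intended client.
    HTTPServer(("127.0.0.1", 9000), AuthHandler).serve_forever()
```
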

Related

Issuing HTTP requests using IE proxy with AD authentication

In a corporate desktop scenario, where the user is logged in to an Active Directory domain, I'd like my application to issue HTTP requests using the same proxy as Internet Explorer uses. The problem is that the proxy requires NTLM authentication using the credentials of the currently logged in user, which is something I don't know how my application could acquire.
Besides asking the user for his/her password (for which I found a lot of solutions), is there a way to do it the right way, like using some native API? I'm not picky about programming languages in this case, if it works in this scenario, I accept it, although I'd prefer C/C++.
Since you are on Windows, and you are using domain logins, you should rather rely on Kerberos. Anyway, you now have several options:
If you use WinHTTP, you simply have to enable it.
Use libcurl on Windows and it will compile with SSPI support by default.
If you use sockets by yourself, you have to call SSPI with the Negotiate package and exchange tokens per HTTP all by yourself.

Outlook 2010 with Exchange Online

Does Outlook 2010/2013 interface with anything other than IMAP or POP3? If so, how? While manual configuration of IMAP works, the autodiscover wizard is turning up nothing. I have the CNAME on my 1and1.com pointed to www.mydomain.us. The manual setup for Outlook.com or compatible prompts for a server. Is that supposed to be the same server as specified for the IMAP?
I am hoping that setup for Outlook clients on PCs and laptops is as seamless as it is when the PC/laptop is on a LAN. Can Outlook Anywhere (over HTTPS/RPC) be used? If so, how does one obtain the proxy server names and settings?
When it is all set up, will the end-user experience emulate that of Outlook and Exchange 2010 in regards to calendar sharing and contacts?
Thank you for any insight.
I don't know what 1and1.com offers, however you can only use OutlookAnywhere (RPC-over-HTTP) with Exchange 2003-2013.
Outlook 2003-2013 can use IMAP, POP, Exchange MAPI (RPC). With add-ons you may be able to support other protocols, but I've never used any.
For autodiscover to work, you'll usually need Exchange, although there are some ways to generate the autodiscover XML without Exchange. Outlook 2010-13 (and I think 2007 too) can try to guess the IMAP/POP settings based on your email address, but the server would have to use pretty standard hostnames and ports for it to guess correctly.
IMAP and POP only support email message types and will not sync contacts and calendars between the server and the Outlook client, not natively anyway.

Internet Access Controller using .net ( vb or c# )

I want to develop software which restricts users' internet access using VB6 or VB.NET.
This is not a babysitter program, but:
1) Whenever a client machine takes any browser, it should ask for a username and password.
2) There should be an option for adding new users at the server-side application.
Can anyone suggest the name of such software, or some sites where I can get some help on the same?
You could implement an HTTP proxy using sockets. You would turn off internet connection sharing on your server and configure the other machines to connect to the web via your proxy.
I would recommend going for an off-the-shelf solution, e.g. in a router, rather than building something from scratch.
If you are dead set on using VB6 you could make use of the winsock control. Here is a project using winsock to serve files. You could modify it to become a multithreaded proxy server instead. It will be a tough challenge though.
http://www.codeproject.com/KB/IP/winsock.aspx

Windows server 2008 SMTP service using for website

I am working on a .NET application that needs to send emails to clients. I am trying to figure out what would be the best solution to send emails. Here is what I have considered. Could you please suggest what would be the best way to go?
1> Windows Server 2008 built-in SMTP service.
2> Exchange server hosted in our datacenter.
3> Use Google Apps for sending emails (basically the same as Gmail, for a custom domain).
I have explored all options and below are my findings.
1> I think this would be the way to go. It also supports a drop-in directory to send emails, so we can achieve disconnected email activity.
2> The application would be tied to the availability of the Exchange server, and we don't have any Exchange server support personnel. Only developers poked around in the Exchange server and got it working. So if option 1 is as good as 2, then I would like to go with 1. Is there any drop-in directory feature in Exchange server like in 1?
3> Tried the Gmail SMTP stuff; it didn't work. I was receiving a timeout error. Also, there is no guarantee that Gmail will send our mail reliably. They can decide anytime to stop sending our mails, as we are using the free standard version of Google Apps.
Other questions:
I installed the SMTP service in Windows Server 2008. Now, to use this, do I need to change any MX record or anything? What do I need to do so it can send email using my domain name? Or can it send email for any domain?
I would use a hybrid of 1 and 2. Use local SMTP, but have it relay to your exchange server. Emails will queue if it can't relay to exchange and you have one server(s) that handle all of your outgoing/incoming mail. This support doc explains this setup: http://support.microsoft.com/kb/303734
You only need an MX record if you'll be receiving mail from that domain too.
I would also put in a reverse DNS entry for your domain, which will help with spam detection.

What is the best way to restrict access to a development website?

I have a site I am working on that I would like to display only to a few others for now. Is there anything wrong with setting up Windows user names and using Windows auth to prompt the user before getting into the development site?
There are several ways, with varying degrees of security:
Don't put it on the internet - put it on a private network, and use a VPN to access it
Restrict access with HTTP authentication (as you suggest). The downside to this is it can interfere with the actual site, if you are using HTTP auth, or some other type of authentication as part of the application.
Restrict access based on remote IP. Just allow the IPs of users you want to be able to access it.
Use a custom hostname. Have it on a public IP, but don't publish the hostname. This means make an entry in your HOSTS file (or configure your own DNS server, if possible) so that "blah.mysite.com" goes to the site, but that is not available on the internet. Obviously you'd only make the site accessible when using that hostname (and not the IP).
That depends on what you mean by "best": for example, do you mean "easiest" or "most secure"?
The best way might be to have it on a private network, which you attach to via VPN.
I do this frequently. I use Hamachi to allow them to access my dev box so they can see what's going on. They have access to it when they want, and/or when I allow. When they are done, I evict them from my Hamachi network and change the password.
Hamachi is a software VPN. Here's a link to Hamachi - AKA LogMeIn
Hamachi
They have a free version which works quite well.
Of course, there's nothing wrong with Windows auth. There are couple of (not too big) drawbacks, though:
your website auth scheme is different from the final product.
you are giving them more access to the box than they really need.
automatically reimaging the machine and redeploying the website is more complex, as you have to automate the Windows account creation.
I would suggest two alternatives:
to do whatever auth you plan on doing in the final website and make sure all pages require auth
do a token cookie based auth - send them a link that sets a particular token in a cookie and in your website code add quick check for that token before you even go to the regular user auth
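
The token-cookie gate suggested in the answer above, as an added example that is not part of the original answer. It is written as Python WSGI middleware rather than for IIS; the cookie name, the `preview` query parameter and the token value are hypothetical.

```python
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

PREVIEW_TOKEN = "constructed-sample-token-change-me"  # assumption: shared secret
COOKIE = "preview_token"                              # hypothetical cookie name


def _matches(value):
    # Constant-time comparison so response timing does not leak the token.
    return hmac.compare_digest(value.encode(), PREVIEW_TOKEN.encode())


def preview_gate(app):
    """WSGI middleware: require the preview cookie before the app runs."""
    def gated(environ, start_response):
        jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        if COOKIE in jar and _matches(jar[COOKIE].value):
            return app(environ, start_response)   # regular user auth follows
        sent = parse_qs(environ.get("QUERY_STRING", "")).get("preview", [""])[0]
        if _matches(sent):
            # Invitation link: set the cookie, then redirect to a fixed path
            # so the token is dropped from the address bar.
            start_response("303 See Other", [
                ("Location", "/"),
                ("Set-Cookie", f"{COOKIE}={PREVIEW_TOKEN}; Path=/; "
                               "HttpOnly; Secure; SameSite=Lax"),
            ])
            return [b""]
        # Anyone without the token sees no sign that a site exists here.
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"Not found"]
    return gated
```
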
If you aren't married to IIS, and you need developers to be able to change the content, I would consider Apache + SSL + WebDav (aka Web Folders). This will allow you to offer a secure sandbox where developers can change and view the content without having user accounts on the server.
This setup requires some knowledge of Apache so it only makes sense if you are already using Apache or if you frequently need to provide outsiders access to your web server.
First useful link I found on the topic: http://pascal.thivent.name/2007/08/howto-setup-apache-224-webdav-under.html
Why don't you just set up an NTFS user and assign it to the website (and remove anonymous access)?
