909-546-4700

Example of using Apache to fix Ipswitch IMail

Suppose we have an Ipswitch IMail server installed at IMAIL-SERVER-NAME, and it is using port IMAIL_SERVER-PORT to support web access to the mail boxes. This is generally used to allow folks to read their email while on travel.

One problem is that you may be trying to check your email from a browser (possibly located at a client office) that is behind a firewall that does not allow access to the port used by your IMail server.

Another problem is that IMail does not support https, so the mailbox passwords will be passed in the clear over the open internet, as will the entire content of the mail messages. This may expose a lot of stuff that would not be exposed if you read your mail from a normal client attached to your local network. The solution is to use https/SSL to encrypt all the communication between your browser and some machine on your local network.

Suppose you have a Linux/Apache box on the same local network as your NT IMail server. By adding

  RewriteRule ^/X(.*)         /mail/X$1 [PT]
  RewriteRule ^/login(.*)cgi$ /mail/login$1cgi [PT]
  ProxyPass        /mail  http://imail-server-name:imail-server-port/
  ProxyPass        /mail/ http://imail-server-name:imail-server-port/
  ProxyPassReverse /mail/ http://imail-server-name:imail-server-port/

we can now use https://apache-server/mail to talk SSL to the apache server on the standard https (443) port which all firewalls should support.. It will do the appropriate rewriting and pass the requests on to the NT IMail server on the nonstandard port. Note what we don't need to go thru a firewall on a nonstandard port. The communications between the Apache and IMail servers won't be encrypted, but that is on your local (presumably secure) network. The communication between your browser client and the Apache server runs over SSL, so the mailbox password and contents are not exposed to the open internet. Of course, mail that arrived from sources other than your local network have already traversed the open internet in the clear. This scheme cannot recover lost privacy - it can only preserve existing privacy.

Try doing that with MS IIS. I am sure it is possible with some custom ASP script, but I don't think it is as easy as those five config lines above.