[Vmail-discuss] IMAP and vmail-sql

Paul Warren pdw@xxxxxxxxxxxxx
Tue, 19 Feb 2002 10:40:35 +0000


On Tue, Feb 19, 2002 at 11:23:12AM +0100, Marcin Sochacki wrote:
> On Tue, Feb 19, 2002 at 09:09:00AM +0000, Paul Warren wrote:
> > Out of interest, why do you need an IMAP server rather than a POP3
> > server?
> 
> Because one can find a lot of good webmail applications for IMAP, contrary
> to POP3-based ones.

One of the main reasons for this being the limits of POP3 vs IMAP.

> >  Any IMAP server that did support it would be fairly restricted
> > - only one mail folder - so there wouldn't be much of a gain over using
> > POP3.
> 
> Why limit to only one mailfolder? One could have the server create
> folders like this:
> $folder_path = $mailbox_path . '@' . $folder_name;
> e.g. my login is 'wanted' and I have to folders: Sent and Trash:
> /var/mail/example.com/wanted@Sent
> /var/mail/example.com/wanted@Trash
> '@' can be changed to some other character if you want.

Yes, this much is not impossible to overcome, but requires the
cooperation of the IMAP server.

> > We've talked over the possibilities of doing virtual IMAP accounts a few
> > times, but have never come to any stunningly good solutions.
> 
> Writing a new IMAP server seems to be quite a big task. But maybe just
> adding support for Vmail to some existing IMAP daemon is not that
> difficult?  Even if it's not as pure solution as writing one from scratch,
> it might be very useful feature for ISPs.

We considered this.  There are a few problems:
1. We don't want to ever touch the wu-imapd code again.  It stinks.
2. To do so would place security requirements on the IMAP server that it
was never designed to achieve.  Specifically, the IMAP server would run
as the same UNIX user when serving up different virtual user accounts.
We would be relying on the IMAP server to ensure that users can't read
each others mail, but the IMAP server was never designed with this in
mind.  Given wu-imapd's absymal security record, it seems unlikely that
this would ever be secure.

Hence the write-from-scratch approach.

FWIW I am currently putting the finishing touches to the initial release
of our (IMAP-based) webmail program, remail.   Once we get this up and
running, I suspect that we will be looking more actively at solving the
virtual webmail problem.

Paul