Skip to content

nathanaelle/shitenno

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
conf
conf
 
 
debian
debian
 
 
src
src
 
 
.gitmodules
.gitmodules
 
 
Makefile
Makefile
 
 
ReadMe.markdown
ReadMe.markdown
 
 

Repository files navigation

Shitenno

What is Shitenno ?

Shitenno is an unification proxy for postfix, dovecot and nginx mail.

Use Case

The use case is mainly for distributed servers as VPS with imap nginx proxy on some VPS, postfix SMTP on others with a virtual users.

The common solution are :

  • cron replication of user file backed database
  • a common database like MySQL, LDAP

These solutions implies :

  • a lot of scripts
  • a lot of SPoF and failure sources
  • Strong coupling between the database and each app
  • With great complexity comes lots of bugs and security issues

with shitenno, you have :

  • a proxy for each 3rd party's api, which abstract them in a single HTTP API
  • upstart, runit or systemd that can spawn the process
  • a loose coupling between database schema and each 3rd party schema constraint
  • less complexity
  • 1 SPoF that can be respawned by upstart, runit or systemd

Main goals

  • postfix socketmap
  • dovecot proxy dict
  • nginx mail auth
  • HTTP client
  • HTTPS OCSP verification
  • HTTPS SNI verification
  • HTTPS HPKP verification
  • Logging with syslog5424
  • Health monitoring
  • HTTP Caching
  • TLS Client Certificate
  • Custom CA pool

Security Statements

  • this code was audited 0 time

Shitenno Configuration

For the full options list see conf/shitenno.conf

Minimal config for postfix

RemoteURL = "https://remote.tld/path/"

[Postfix]

Minimal config for postfix and nginx

RemoteURL = "https://remote.tld/path/"

[Postfix]

[Nginx]

Tierce Configuration

Postfix

transport_maps		= proxy:socketmap:unix:/var/run/shitenno-postfix:verb1
virtual_alias_maps	= proxy:socketmap:unix:/var/run/shitenno-postfix:verb2

Dovecot

uri = proxy:/var/run/shitenno-dovecot:somewhere

Nginx

http {
	upstream shitenno {
		server	unix:/var/run/shitenno-nginx;
	}

	server {
		listen		127.0.0.1:1234;
		location	/auth_imap {
			proxy_pass      http://shitenno;
		}
	}
}

mail {
	auth_http	localhost:1234/auth_imap;
}

HTTP backend

the HTTP Backend is declared in field RemoteURL.

for each request from nginx, dovecot, postfix, a the request is rewritten as a JSON and POSTed to the backend.

Common Request

{
        "Verb": "verb1",
        "Object": query_payload
}

Common Reply

{
        "Verb": "verb1",
        "Object": query_payload,
        "Status": "OK" or "KO",
        "Data": reply_payload
}

Postfix

the verb is the table name in the configuration.

the query payload and reply payload are always a string as described in http://www.postfix.org/postmap.1.html.

Dovecot

the verb is : userdb or passdb.

the query payload are :

{
        "Context": some dovecot context,
        "Object": object requested
}

the reply payload are ad-hoc reply for userdb or passdb query verb as in http://wiki2.dovecot.org/AuthDatabase/Dict.

Nginx

the verb is always nginx.

the query payload and reply payload are JSON as described in http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol.

License

2-Clause BSD

Todo

  • write comments

About

unified auth for nginx mail / postfix / dovecot

Topics

go nginx golang http postfix auth dovecot

Resources

Readme
Activity

Stars

16 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 1

first release Latest
Dec 26, 2017

Packages

No packages published

Languages