[clug] Using mod_proxy_connect for imaps

Edward C. Lang edlang at tsumakin.net
Fri Sep 17 05:02:30 GMT 2004


Martin Pool wrote:
> On 17 Sep 2004, "Edward C. Lang" <edlang at tsumakin.net> wrote:
> >I see binary gar in the apache2 error log:
> >
> >[Wed Sep xx xx:xx:xx 2004] [error] [client aaa.bbb.ccc.ddd] Invalid 
> > method in request \x16\x03\x01
> (because knowing what day you tried it would be a security problem...)

To be honest, I was more embarrassed by the timestamp -- so I figured I 
may as well delete the day as well.

> Apache wants an HTTP CONNECT request; mutt doesn't send that.  So you
> need to use some kind of proxy program that will generate the right
> header.

I was horribly confused by section in the HTTP1.1 RFC which describes 
the CONNECT request method: "This specification reserves the method name 
CONNECT for use with a proxy that can dynamically switch to being a 
tunnel". Riiight. That, combined with the apache2 documentation for 
mod_proxy_connect, made me a sad panda.

> Or, if you want this port to always be routed to the imap server, just
> use a port-forwarder like simpleproxy.

I'm connecting to the server on the basis of CNAMEs, which is why I'm 
currently persuing the apache2 path. (Actually, it turns out that 
dovecot can bind to a hostname instead of an IP address, but I've got a 
fairly large number of Cyrus mailboxes that I cannot be bothered to 
convert / import.)

For my next trick, I will use mod_proxy to conenct to an MTA. (Once 
again, CNAMEs. I wish iptables could do magic with the client's 
connection on the basis of hostnames.)

  >>Am I beating my head against a brick wall? Or is there a solution for
>>this problem?
> Yes, and yes. :-)

I cannot lose!



More information about the linux mailing list