search

mscdex / node-imap

An IMAP client module for node.js.
MIT License
2.14k stars 379 forks source link

How can I use of the ID extension (RFC 2971) before authentication? #876

Open jonmz opened 2 years ago

jonmz commented 2 years ago

As far as I understand it, node-imap supports the IMAPv4 ID extension as implemented via https://github.com/mscdex/node-imap/pull/307 even if it's not documented in the README.

However I'm not sure how to actually use it.

My current use case is: I am a proxy for some clients, and my IMAP server supports penalties for failed authentications - per IP. For sure I don't want my IP to be penalized for failed logins, but rather the original client IP.

The IMAP server is configured to trust my IP which effectively allows me to provide the original client IP by means of 0 ID ("x-original-ip" "1.2.3.4") - this works fine if done manually in an IMAP session.

The thing is: This has to be sent before authentication in order to hit the original client IP with penalties. This means that after calling connect() it's already too late to send ID information because authentication and thus penalties have already happened at this stage. I cannot send ID information earlier because there is no connection before.

Any hints on how I can make actual use of the ID extension? From my perspective it could make sense to provide the necessary data as part of the config and have the connect() function send them before authentication is done. Does this make sense?

Saco93 commented 1 year ago

As far as I understand it, node-imap supports the IMAPv4 ID extension as implemented via #307 even if it's not documented in the README.

However I'm not sure how to actually use it.

My current use case is: I am a proxy for some clients, and my IMAP server supports penalties for failed authentications - per IP. For sure I don't want my IP to be penalized for failed logins, but rather the original client IP.

The IMAP server is configured to trust my IP which effectively allows me to provide the original client IP by means of 0 ID ("x-original-ip" "1.2.3.4") - this works fine if done manually in an IMAP session.

The thing is: This has to be sent before authentication in order to hit the original client IP with penalties. This means that after calling connect() it's already too late to send ID information because authentication and thus penalties have already happened at this stage. I cannot send ID information earlier because there is no connection before.

Any hints on how I can make actual use of the ID extension? From my perspective it could make sense to provide the necessary data as part of the config and have the connect() function send them before authentication is done. Does this make sense?

I found a blog talking about this and figuring out a usage. Check this out By the way, it's in Chinese, so you may need to use some translation tools.