Client side modifications

To test out the server-side modifications it was necessary to produce a netAuth-enabled MVA. Rather than port an existing MVA, such as Thunderbird, we instead built a netAuth proxy. This has several advantages, including portability to systems which do not allow kernel modifications and ability to support a wide variety of MVAs without doing multiple ports. The proxy presented the least invasive approach.

The proxy binds to the IMAP (or POP) port on the localhost. The events to setup a new connection:

• proxy binds to the privileged IMAP port and waits blocking for connection request.
• when a new connection request comes in from the MVA, the proxy authenticates the MVA. Once authenticated, the proxy initiates communication with the dovecot server using the connect_by_user system call.
• Once connected, the proxy just forwards messages to and from the MVA.