Modifying Cyrus IMAP to ease a migration to Gmail?

Wed Oct 3 10:51:06 EDT 2012

This may be a question more geared toward the developers of Cyrus, but I
figured I'd start with this list.

Some background information & context:

I work at an organization with a Cyrus Murder cluster that contains several
hundred thousand mail accounts.  We're beginning the process of migrating
these accounts to Google's Gmail.  (No fault of Cyrus' as a product, but
we've decided as an organization that we don't want to be supporting all
those users and maintaining over 10TB of imap data stores.  That said,
Cyrus works quite well at that scale.)

Anyway, so the consulting company we're working with to help us with the
migration is using Google's GAMME tool.  It's a mail migration tool that
works with Exchange and IMAP servers to pull the data out of the old mail
servers and into Google's servers.  It's a pretty limited program, and
unfortunately, for it's IMAP support is more limited than we'd like.  The
GAMME tool takes simple lists of users, in a formatted text file, and uses
that information to login as each user on the IMAP server and then copy all
their mail onto the Google server.  The problem with that is it needs the
plain-text passwords for all the existing users to be able to log into the
IMAP server.

Now, like any sane organization, we don't keep track of our users'
passwords in plain-text, so we can't generate these user lists that GAMME
wants.  And we also are unwilling to say, reset over a half a million user
account passwords with ones we would then know.

What I'm thinking of doing:

To get around this problem what I would like to do is to setup a custom
Cyrus front-end server.  The front end server would be isolated on our
network and only be able to talk to the other relevant Cyrus servers and to
the systems we have running the GAMME tool.  For the custom front-end
server I think it should be possible to modify the source code that handles
the authorization to bypass the normal process.  I want the customized
server to allow connections to the individual accounts on the back end data
store servers using either a specific hard coded password or to just allow
authentication with any password.  Is something that would work given the
Cyrus Murder architecture, and if so, which source code files for Cyrus
contain the relevant authorization routine(s) that would need to be changed?

Or, alternatively, if any of you have firsthand experience migrating from
large scale Cyrus IMAP environments to Google's Gmail and know of alternate
ways to go about doing it than using Google's GAMME, I'd be interested in
hearing how you went about doing it.

Thanks!

Brian.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20121003/f4300bba/attachment-0001.html 