[Dovecot] the most serius problems [part 3]

Fri May 30 17:36:07 EEST 2003

On Thu, 29 May 2003, Robert Spier wrote:

> > BTW. OpenSSL problems can be fixed by using GNUTLS instead. I'll try to
> > figure out the openssl some day though.
> 
> Or, if you don't need STARTTLS, you can use stunnel.

Even if you do need STARTTLS, you can still use stunnel, albiet a slightly
modified one. Scott Gifford wrote the patches, which can be found here:

http://www.suspectclass.com/~sgifford/stunnel-tlsproxy/stunnel-tlsproxy.html

Here's my supervise run script:

#!/bin/sh

eval $(/usr/local/bin/envdir ./runenv /usr/bin/env)

exec 2>&1
# Ensure that PRNG is adequately seeded.
[ -s ./ssl/seed ] ||\
  /usr/local/bin/envuidgid stunnel \
    /bin/dd if=/dev/urandom of=./ssl/seed bs=1k count=1
exec \
  softlimit -m "${ulimitdata:-20000000}" \
    tcpserver -d \
      -H \
      -R \
      -v \
      -X \
      -c "${concurrency:-20}" \
      -x imap.tcprules.cdb \
      0 imap \
	makesock \
	  stunnel \
	    -/ ssl \
	    -s "$SSLUID" \
	    -g "$SSLGID" \
	    -N imap \
	    -i \
	    -R seed \
	    -p imapd.pem \
	    -n imap- \
	    -f \
	    -F 3 \
	    -makesock_connect_to \
	      /usr/local/bin/envdir ./imapfront.env \
		/usr/bin/imapfront-auth \
		  "${imapdpath:-/usr/libexec/dovecot/imap}"

--
Charlie Brady                         charlie_brady at mitel.com