[Dovecot] the most serius problems [part 3]
Charlie Brady
charlieb-dovecot at e-smith.com
Fri May 30 17:36:07 EEST 2003
On Thu, 29 May 2003, Robert Spier wrote:
> > BTW. OpenSSL problems can be fixed by using GNUTLS instead. I'll try to
> > figure out the openssl some day though.
>
> Or, if you don't need STARTTLS, you can use stunnel.
Even if you do need STARTTLS, you can still use stunnel, albiet a slightly
modified one. Scott Gifford wrote the patches, which can be found here:
http://www.suspectclass.com/~sgifford/stunnel-tlsproxy/stunnel-tlsproxy.html
Here's my supervise run script:
#!/bin/sh
eval $(/usr/local/bin/envdir ./runenv /usr/bin/env)
exec 2>&1
# Ensure that PRNG is adequately seeded.
[ -s ./ssl/seed ] ||\
/usr/local/bin/envuidgid stunnel \
/bin/dd if=/dev/urandom of=./ssl/seed bs=1k count=1
exec \
softlimit -m "${ulimitdata:-20000000}" \
tcpserver -d \
-H \
-R \
-v \
-X \
-c "${concurrency:-20}" \
-x imap.tcprules.cdb \
0 imap \
makesock \
stunnel \
-/ ssl \
-s "$SSLUID" \
-g "$SSLGID" \
-N imap \
-i \
-R seed \
-p imapd.pem \
-n imap- \
-f \
-F 3 \
-makesock_connect_to \
/usr/local/bin/envdir ./imapfront.env \
/usr/bin/imapfront-auth \
"${imapdpath:-/usr/libexec/dovecot/imap}"
--
Charlie Brady charlie_brady at mitel.com
More information about the dovecot
mailing list