[Dovecot] securing dovecot proxy connections
Marcin Michal Jessa
lists at yazzy.org
Thu Sep 6 08:28:06 EEST 2007
WJCarpenter wrote:
> wjc> Is there a way to configure dovecot's internal proxy connections
> wjc> to use STARTTLS or some other SSL/TLS level of security?
> wjc> (Without a
>
> mmj> Just create encrypted tunnel between the peers and send your
> mmj> traffic through it. IPSec, ssh etc..
>
> Thanks for the suggestion. I had thought of that, but all my
> front-end servers are also back-end servers. (I'm just letting the
> users come in on any server -- usually the correct one -- and want to
> transparently connect them to the correct back-end if they happen to
> come into the wrong server.) So, even with just 5 servers, that's 20
> tunnels to keep afloat through reboots, etc. In principle no problem,
> but it's a lot of balls in the air.
>
In that case you could add VLAN trunks between them to separate
connections from the rest of the network.
You would tunnel your server traffic in VLANs and noone would be able to
sniff it.
This is probably the quickest and most robust way to do this on a LAN
not involving any security protocols.
Marcin.
More information about the dovecot
mailing list