[Dovecot] securing dovecot proxy connections

Ken A ka at pacific.net
Thu Sep 6 17:39:58 EEST 2007


WJCarpenter wrote:
> ka> per another current thread (o/s tuning for imap), I've installed
> ka> imapproxy, and it supports starttls to the backend imap server. It
> ka> doesn't use encryption on the incoming connections though, since
> ka> they are presumably from localhost (squirrelmail).  Ken
> 
> That's an interesting thought.  Have you actually gotten its STARTTLS
> to work?  I tried it a couple days ago with no luck, but maybe I just
> didn't try hard enough.

I had a bit of trouble with it as well. I set it to connect to the 
dovecot on 993 and listen on 143 locally. That had an odd effect. It 
connected to dovecot, but failed to LISTEN locally, and nothing was 
logged about this failure! After trying various other things, I changed 
the settings to 143 for both and it worked. Then I set "force tls = 
yes", pointed the config options at the bottom of the config file to 
valid cert,ca,key, etc.. and yes, it works great. tcpdump verifies that 
it's using TLS now.

Ken


-- 
Ken Anderson
Pacific.Net


More information about the dovecot mailing list