[Dovecot] securing dovecot proxy connections
Ken A
ka at pacific.net
Thu Sep 6 17:39:58 EEST 2007
WJCarpenter wrote:
> ka> per another current thread (o/s tuning for imap), I've installed
> ka> imapproxy, and it supports starttls to the backend imap server. It
> ka> doesn't use encryption on the incoming connections though, since
> ka> they are presumably from localhost (squirrelmail). Ken
>
> That's an interesting thought. Have you actually gotten its STARTTLS
> to work? I tried it a couple days ago with no luck, but maybe I just
> didn't try hard enough.
I had a bit of trouble with it as well. I set it to connect to the
dovecot on 993 and listen on 143 locally. That had an odd effect. It
connected to dovecot, but failed to LISTEN locally, and nothing was
logged about this failure! After trying various other things, I changed
the settings to 143 for both and it worked. Then I set "force tls =
yes", pointed the config options at the bottom of the config file to
valid cert,ca,key, etc.. and yes, it works great. tcpdump verifies that
it's using TLS now.
Ken
--
Ken Anderson
Pacific.Net
More information about the dovecot
mailing list