[Dovecot] Question about dovecot imap proxy
Monika Janek
mjanek at sidefx.com
Thu Apr 29 18:09:41 EEST 2010
Hi everyone!
I have dovecot (1.2.11) on one our external mail servers acting as a
proxy. The client (ifor now, my iphone) connects fine via ssl to the
external mailserver but I can't seem to get a secure connection now to
the internal destination imap server (between external mail server and
internal imap server, it's going through port 143). Running tcpdump, I
can clearly see my password being transmitted on our internal network. I
read the addition to the documentation about dovecot proxy but I'm not
sure where to add these variables:
In v1.2.rc4+ the connections to destination server can be TLS/SSL
encrypted by returning:
*
ssl=yes: Use SSL and require a valid verified remote certificate.
*WARNING: Unless used carefully, this is an insecure setting!*
Currently host must be an IP address, so this setting accepts any
certificate signed by a trusted CA. The host name isn't checked in
any way against the certificate's CN. The only way to use this
securely is to only use and allow your own private CA's certs,
anything else is exploitable by a man-in-the-middle attack.
* ssl=any-cert: Use SSL, but don't require a valid remote certificate.
* starttls: Use STARTTLS command instead of doing SSL handshake
immediately after connected.
Can anyone point me in the right direction? Thanks so much! :)
--
Monika Janek
Systems Administrator, Side Effects Software
Toronto, Ontario Canada
416-504-9876 x207 www.sidefx.com
More information about the dovecot
mailing list