[Dovecot] Requiring STARTTLS only on some networks

Pascal Volk user+dovecot at localhost.localdomain.org
Fri May 7 18:07:58 EEST 2010


On 05/07/2010 04:35 PM Phil Howard wrote:
> Do these "remote sections" need to be in a specific place in the config
> file, or can they just be put where the (global) disable_plaintext_auth is
> located?

The latter one, where the global disable_plaintext_auth is located,

> Do you know if the remote address gets passed from Postfix on to Dovecot
> through the authentication connection (when Dovecot is doing the
> authentication for Postfix mail submission) so that these same remote rules
> apply?

Hm, doesn't look so, as if Postfix would forward this info (remote host)
to Dovecot. Even when I connect from a 'disable_plaintext_auth = no
network' to Postfix (2.6.5), Postfix offers:
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5

But the SSL/TLS state should be forwarded from Postfix to Dovecot:
http://www.mail-archive.com/postfix-users@postfix.org/msg10590.html


Regards,
Pascal
-- 
The trapper recommends today: 5e1f1e55.1012716 at localdomain.org


More information about the dovecot mailing list