Required SSL with exceptions

Robert Schetterer rs at sys4.de
Mon Dec 8 19:45:56 UTC 2014


On 08.12.2014 at 19:41, List wrote:
> I have a Dovecot cluster which is on separate machines from my
> webmail/CalDAV/CardDAV cluster, and I currently have the system set up
> with ssl = required.  Unfortunately the CalDAV/CardDAV server I am
> running doesn't support STARTTLS, so I was wondering if there is a way to
> still enforce SSL for every connection with the exception of a certain
> subnet, or if there is a better way to accomplish this without installing a
> local install of Dovecot on each of my CalDAV/CardDAV servers.

Perhaps this helps:

http://wiki2.dovecot.org/SSL/DovecotConfiguration?highlight=%28trusted%29


There are a couple of different ways to specify when SSL/TLS is required:

    disable_plaintext_auth = yes allows plaintext authentication only when
    SSL/TLS is used first.

    ssl = required requires SSL/TLS also for non-plaintext authentication.

    If you have only plaintext mechanisms enabled (auth { mechanisms =
    plain login }), you can use either (or both) of the above settings.
    They behave exactly the same way then.

Note that plaintext authentication is always allowed (and SSL not
required) for connections from localhost, as they're assumed to be
secure anyway. This applies to all connections where the local and the
remote IP addresses are equal. Also IP ranges specified by the
login_trusted_networks setting are assumed to be secure.



Best Regards
Kind regards, Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
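The decision rules in the quoted wiki text (localhost, login_trusted_networks, ssl = required, disable_plaintext_auth), written out as a small model so the effect of the suggested setup can be checked per connection. This is an added illustration, not Dovecot's own code; the config text, the 192.0.2.0/24 "CalDAV subnet" and the IP addresses are constructed placeholders.

```python
"""Model of Dovecot's "may this client authenticate?" decision, following the
wiki text quoted above. Added illustration only, not Dovecot's implementation."""
import ipaddress

# Constructed example config: the ssl = required setup from the question, with
# the (placeholder) CalDAV/CardDAV subnet and one extra host marked as trusted.
DOVECOT_CONF = """
ssl = required
disable_plaintext_auth = yes
login_trusted_networks = 192.0.2.0/24 198.51.100.7   # CalDAV/CardDAV hosts
"""


def parse_conf(text):
    """Parse 'key = value' lines of a dovecot.conf-style fragment ('#' = comment)."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[key] = value
    return conf


def is_secured(conf, local_ip, remote_ip):
    """Localhost (local == remote) and login_trusted_networks are 'assumed secure'."""
    local, remote = ipaddress.ip_address(local_ip), ipaddress.ip_address(remote_ip)
    if local == remote:
        return True
    # A bare host in the list becomes a /32 (or /128) network.
    return any(remote in ipaddress.ip_network(net, strict=False)
               for net in conf.get("login_trusted_networks", "").split())


def auth_allowed(conf, local_ip, remote_ip, tls, plaintext_mech):
    """Return (allowed, reason) for one authentication attempt."""
    if tls or is_secured(conf, local_ip, remote_ip):
        return True, "TLS in use, or connection from localhost/trusted network"
    if conf.get("ssl") == "required":
        return False, "ssl = required: TLS needed before any authentication"
    if plaintext_mech and conf.get("disable_plaintext_auth", "yes") == "yes":
        return False, "disable_plaintext_auth = yes: plaintext mechanism needs TLS"
    return True, "non-plaintext mechanism allowed without TLS"


if __name__ == "__main__":
    conf = parse_conf(DOVECOT_CONF)
    for remote, tls in [("192.0.2.10", False), ("203.0.113.9", False), ("203.0.113.9", True)]:
        print(remote, tls, auth_allowed(conf, "10.0.0.5", remote, tls, True))
```

Listing a subnet in login_trusted_networks means credentials from those hosts cross the wire without TLS, so it should contain only the CalDAV/CardDAV hosts and a path you already consider protected.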

