Securing postfix to dovecot (SASL) auth
Peter
peter at pajamian.dhs.org
Wed Sep 27 13:21:24 EEST 2017
On 27/09/17 20:35, Thomas Bauer wrote:
> service auth {
> inet_listener{
> address=192.0.0.1
> port=10001
> ssl=yes
> }
> }
ssl=yes is not documented to work for the auth service and it's highly
likely that it is simply ignored.
> -o smtpd_tls_security_level=encrypt
This definitely does not do what you think it does. This setting is for
the smtpd server, not the SASL client. It will enforce TLS between the
MUA (email client) and postfix. It does not affect the connection
between postfix and the dovecot SASL server at all.
The only way to encrypt the connection between postfix and dovecot SASL
is to use a tunnel.
Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <https://dovecot.org/pipermail/dovecot/attachments/20170927/56d62ecf/attachment.sig>
More information about the dovecot
mailing list