Re: Question about verbose_proctitle

13 Jul 2018 · *NOT*

      ...
On Jul 10, 2018, at 7:19 PM, J Doe general@nativemethods.com wrote:
Hello,
I have a question relating to the detail that the verbose_proctitle parameter enables for ps.
I have TLS configured for IMAP as follows:
/etc/dovecot/dovecot.conf
ssl = required
ssl_cert = 
ssl_key = 
   protocols = imap lmtp

   service imap-login {
       # Disable insecure IMAP over TCP 143
       inet_listener imap {
           port=0
       }
   }

   . . . 

   verbose_proctitle = yes
If I have a single MUA connect (Apple Mail in this case), I see:
$ ps aux | grep -i dovevot
   dovenull  5552  0.0  0.1  18820  5444 ?        S    18:53   0:00 dovecot/imap-login [1 connections (1 TLS)]
   vmail       5553  0.3  0.1  13612  4304 ?        S    18:53   0:00 dovecot/imap [user@example.com 1.2.3.4 IDLE]
The first part makes sense to me - imap-login is showing the user being connected via imap-login and with TLS.
The second part, however, shows the IMAP session with the username, IP address and IMAP command (IDLE),
but it does not state TLS.
Does this mean that I have logins for IMAP connections protected by TLS but the actual IMAP traffic (mail
contents, etc.), is *NOT* configured to use TLS ?  That is to say, IMAP traffic is flowing over port 993 without
TLS ?
From the wiki [1] it appears to state that I only have to configure TLS settings for IMAP if the IMAP protocol is
being secured via a *DIFFERENT* TLS certificate.
Is this correct ?
Thanks,

J

Sources:
[1] https://wiki2.dovecot.org/SSL/DovecotConfiguration
Hi,
I was able to partially answer my question, today.
I used tcpdump to record the traffic between a single client computer and the server running Dovecot and can confirm that all of the IMAP traffic to and from the server was over TLS 1.2 with the configuration I mentioned (see previous e-mail above).  This still makes me wonder, though, why Dovecot does not specify “TLS” when I use ps:
/etc/dovecot/dovecot.conf
    . . .
    verbose_proctitle = yes
    . . .

$ ps aux | grep -I dovevot

    dovenull  5552  0.0  0.1  18820  5444 ?        S    18:53   0:00 dovecot/imap-login [1 connections (1 TLS)]
    vmail       5553  0.3  0.1  13612  4304 ?        S    18:53   0:00 dovecot/imap [user@example.com 1.2.3.4 IDLE]
I’m aware that this is because the code does not state to specify “TLS” for the dovecot/imap [user@example.com 1.2.3.4 IDLE] line of output, but I’m curious as to why that decision was made ?
Thanks,

J