27 Sep
2017
27 Sep
'17
1:21 p.m.
On 27/09/17 20:35, Thomas Bauer wrote:
service auth { inet_listener{ address=192.0.0.1 port=10001 ssl=yes } }
ssl=yes is not documented to work for the auth service and it's highly likely that it is simply ignored.
-o smtpd_tls_security_level=encrypt
This definitely does not do what you think it does. This setting is for the smtpd server, not the SASL client. It will enforce TLS between the MUA (email client) and postfix. It does not affect the connection between postfix and the dovecot SASL server at all.
The only way to encrypt the connection between postfix and dovecot SASL is to use a tunnel.
Peter