Hi Aki,
On 10.02.20 17:03, Aki Tuomi wrote:
Try setting
login_trusted_networks = lb-ip/32
See https://doc.dovecot.org/settings/dovecot_core_settings/#login-trusted-networ...
I do have login-trusted_networks set already. Along with the proxy protocol (haproxy_trusted_networks = lb-ip) I had to set login_trusted_networks to 0.0.0.0/0 actually because the proxy protocol tells dovecot the real clients' IP address and that IP adders is the one actually evaluated for login_trusted_networks. With the plain authentication being done inside the load balancer's TLS connection this is more or less obvious that this is needed in that case.
But those settings don't change the pity: ssl=no is globally required to make the starttls options disappear for imap-login - but with ssl=no globally I don't see a possibility to enable the starttls option for other services like managesieve for example.
Thanks Björn