Dovecot version 2.3.19.1 (9b53102964), Postfix version 3.5.18
We have a Postfix server that runs on a VPS with a hosting company and a Dovecot IMAP server that runs at the office.
We want Postfix to push the mail it receives to the Dovecot IMAP server, using the least amount of intermediate software. This transfer occurs over the open internet.
LMTP over TCP seems like a great solution, *if* it can be secured. But I'm not finding documentation on how to actually set up something like two-way TLS over LMTP.
- Is there any setting in Dovecot where I can set a remote IP address (or hostname) that will be the only address that Dovecot's LMTP accepts connections from? 
- My current configuration options for LMTP in Dovecot look like: 
```
protocol lmtp {
  ssl_cert = </etc/ssl/imap/imap.crt
  ssl_key = </etc/ssl/imap/imap.key
  ssl_ca = </etc/ssl/imap/authority.crt
  ssl_verify_client_cert = yes
  auth_ssl_require_client_cert = yes
}
service lmtp {
  user = vmail
  inet_listener lmtp {
    address = * ::
    port = 24
  }
}
```
With these settings, I can telnet from the Postfix server to the Dovecot server with LMTP, and I'm not convinced there is any encryption actually enabled or any TLS verification going on.
Is there any reasonable security that can be set up to make this safe (within Dovecot and Postfix settings, not using VPNs and SSH tunnels)?
If so, how?
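
One way to test the doubt raised above (telnet connects, but is TLS actually negotiated and is a client certificate required?), as an added example that is not part of the original post. The names `probe_lmtp`, `read_reply` and `probe.invalid` are made up for this sketch, and it assumes the listener offers TLS through STARTTLS rather than as implicit TLS on connect.

```python
import socket
import ssl

def read_reply(f):
    """Read one SMTP-style (possibly multi-line) reply: (code, [text lines])."""
    texts = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3:
            raise ConnectionError("connection closed or malformed reply")
        texts.append(line[4:])
        if line[3:4] != "-":          # "250-" continues, "250 " ends the reply
            return int(line[:3]), texts

def probe_lmtp(host, port=24, ca_file=None, cert=None, key=None, timeout=10):
    """Report what the LMTP listener really does about TLS and client certs."""
    r = {"starttls_offered": False, "tls_version": None, "session_after_tls": None}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        read_reply(f)                                  # 220 greeting
        sock.sendall(b"LHLO probe.invalid\r\n")
        _, caps = read_reply(f)                        # first line is the server name
        r["starttls_offered"] = any(c.strip().upper() == "STARTTLS" for c in caps[1:])
        if not r["starttls_offered"]:
            return r                                   # plaintext only: telnet "works"
        sock.sendall(b"STARTTLS\r\n")
        if read_reply(f)[0] != 220:
            return r                                   # advertised but refused
        # Server certificate and hostname are verified against ca_file (or system CAs).
        ctx = ssl.create_default_context(cafile=ca_file)
        if cert:
            ctx.load_cert_chain(cert, key)             # present a client certificate
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                r["tls_version"] = tls.version()
                # With TLS 1.3 a rejected or missing client certificate only shows
                # up on the first read after the handshake, so talk to the server.
                tls.sendall(b"LHLO probe.invalid\r\n")
                r["session_after_tls"] = read_reply(tls.makefile("rb"))[0] == 250
        except (ssl.SSLError, OSError):
            r["session_after_tls"] = False             # handshake or session rejected
    return r
```

Run it from the Postfix host once without and once with `cert`/`key`: if the listener enforces client certificates, only the run that presents one should end with `session_after_tls` set to `True`.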