Hi,
i have a problem with dovecot 2.0.13.
I have one dovecot in Front-end that has only:
passdb { driver = static args = proxy=y host=10.0.0.6 nopassword=y }
In Back-end i have one dovecot that does auth and exports imap/pop3 ports.
In dovecot's log of Front-end i see:
/Apr 02 14:33:34 imap-login: Info: proxy(//user@example.com/ mailto:amministrazionevendite@pec.gmatica.it/): started proxying to 10.0.0.6:143: user=mailto:amministrazionevendite@pec.gmatica.it/>, method=PLAIN, rip=//xx.xx.xx.xx//, lip=xx.xx.xx.xx, TLS Apr 02 14:34:36 imap-login: Info: Disconnected: *Connection queue full *(auth failed, 1 attempts): user=mailto:amministrazionevendite@pec.gmatica.it/>, method=PLAIN, rip=//xx.xx.xx.xx//, lip=//xx.xx.xx.xx//, TLS/
I see this wiki page: http://wiki2.dovecot.org/LoginProcess but i read:
It works by using a number of long running login processes, each handling a number of connections. This loses much of the security benefits of the login process design, because in case of a security hole (in Dovecot or SSL library) the attacker is now able to see other users logging in and steal their passwords, read their mails, etc.
Is there another way?
Thanks