On 28.1.2014, at 5.28, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:
Le Monday 27 January 2014 à 12:08 -0500, Steve Litt a écrit :
I read in some docs somewhere that Dovecot automatically trusts anything on localhost. If you're telnetting into it from the same physical computer that hosts the port, try telnetting into it from a different physical computer with a different IP address and see if you can still telnet in.
I've tried from localhost and another computer. In both tries, the connection is made without ssl.
Hmm, maybe "internal" sockets do not utilize SSL at all? Just IMAP/POP/ManageSieve?
Pretty much, yeah. I guess some day the code should be changed so everything supports it automatically. Currently if SSL auth socket is wanted it would require adding something like 30 lines of code I think (if anyone wants to try, doveadm's code should be helpful in seeing how it's done).