The port is determined with the port=nnn setting. You can't return a per-protocol port like that; you need to look at the protocol requested by the user and return the port based on that, or you can omit port to default to the "standard port".
Not using ssl/starttls is the default.
On 17 September 2018 at 16:35 Alexander Chekalin alexander.chekalin@gmail.com wrote:
Thank you!
Ok, so I can omit ssl=no and startssl=no, and this results in the default settings for ssl, which is 'off'? Or are the defaults 'on' anyway?
Can I somehow specify ports on remote hosts that the proxy will use to connect to? Like (just imagine): 'proxy host_imap=10.1.1.1:143 host_pop=10.1.1.1:110' or somehow?
On Mon, Sep 17, 2018 at 4:33 PM Aki Tuomi aki.tuomi@dovecot.fi wrote:
Due to certain design issues, the ssl=no is actually same as ssl=yes, same goes for starttls=no. So there is no support actually for "ssl=no" at this moment.
Aki
On 17 September 2018 at 15:32 Alexander Chekalin <alexander.chekalin@gmail.com> wrote:
Surely.
Here it is:
# doveadm auth user@domain.com
Password:
passdb: chekalin_krg@ascon.ru auth succeeded
extra fields:
  user=user@domain.com
  proxy
  host=10.10.14.131
  ssl=no
  startssl=no
  source_ip=10.10.14.2
  proxy
  proxy
  pass=password
Two "proxy" are from two "proxy" and "proxy=yes" settings passed from passdb.
On Mon, Sep 17, 2018 at 3:03 PM Aki Tuomi aki.tuomi@dovecot.fi wrote:
Can you provide output of
doveadm auth test some-user
Aki
On 17.09.2018 14:58, Alexander Chekalin wrote:
Dear Aki,
we keep our users in LDAP, so even when I return 'proxy host=backend_ip tls=no' it won't use a non-TLS connection. The same happens when I remove the 'tls=no' part. Might there be any extra things I need to pass when I use LDAP?
On Mon, Sep 17, 2018 at 2:07 PM Aki Tuomi aki.tuomi@dovecot.fi wrote:
On 17.09.2018 13:59, Alexander Chekalin wrote:
Hi,
I am trying to set up dovecot as a proxy server, to proxy requests to several dovecot-based backend servers. I want external clients who connect to this proxy Dovecot to use TLS (this is easy to set up) while I want to have unsecured (plain IMAP/POP) connections to backends.
You see, links to backends are over LAN so no TLS is needed, and these backends are poor old machines (with old Dovecots like 2.0.6); this is why I don't want to use TLS to access backends.
But as I did the test setup I can see the proxy Dovecot uses TLS to connect to backends. Is there any way I can specify this aspect of the Dovecot proxy?
Please advise!
Yours, Alexander
Dovecot does not use TLS/SSL when connecting to a backend server by default, you are probably specifying this in your proxy config or password database.
Aki
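
Added example, not part of the thread and not Dovecot code: a small Python check over a passdb extra-fields line that applies the two points from the replies above (ssl=no/starttls=no behave as enabled, and the port must be chosen per requested protocol). The sample line is constructed from the output quoted in the thread; the function names, the service names "imap"/"pop3" as dictionary keys, and the port map are assumptions for illustration.

```python
# Constructed sample, modelled on the "extra fields" quoted in the thread.
SAMPLE = ("user=user@domain.com proxy host=10.10.14.131 ssl=no startssl=no "
          "source_ip=10.10.14.2 proxy proxy pass=password")

# Field names the replies in the thread say switch on TLS to the backend.
TLS_KEYS = ("ssl", "starttls")


def parse_fields(line):
    """Split 'k=v flag k2=v2' into (key, value-or-None) pairs, keeping duplicates."""
    pairs = []
    for token in line.split():
        key, sep, value = token.partition("=")
        pairs.append((key, value if sep else None))
    return pairs


def audit(line):
    """Return findings for a passdb extra-fields line (hypothetical helper)."""
    pairs = parse_fields(line)
    findings = []
    for key, value in pairs:
        # Per the thread, "<key>=no" is handled the same as "<key>=yes".
        if key in TLS_KEYS and value == "no":
            findings.append(f"{key}=no acts as {key}=yes; remove the field "
                            "to keep the backend link plaintext")
    if not any(key == "port" for key, _ in pairs):
        findings.append("no port= field; the standard port will be used")
    if sum(1 for key, _ in pairs if key == "proxy") > 1:
        findings.append("proxy returned more than once by the passdb")
    return findings


def fields_for(service, host, ports):
    """Build extra fields for one login, picking the port by requested protocol."""
    if service not in ports:
        raise ValueError(f"no backend port configured for {service!r}")
    # ssl/starttls are left out on purpose: absence is the only "off".
    return f"proxy host={host} port={ports[service]}"


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
    print(fields_for("imap", "10.1.1.1", {"imap": 143, "pop3": 110}))
```
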