Am 08.12.2014 um 19:41 schrieb List:
I have a Dovecot cluster which is on separate machines from my webmail/caldav/cardav cluster, and I currently have the system setup with ssl = required. Unfortunately the caldav/cardav server I am running doesn't support STARTTLS so I was wondering if there is a way to still enforce ssl for every connection with the exception of a certain subnet, or if there is a better way to accomplish this without install a local install of Dovecot on each of my caldav/cardav servers.
perhaps this helps
http://wiki2.dovecot.org/SSL/DovecotConfiguration?highlight=%28trusted%29
There are a couple of different ways to specify when SSL/TLS is required:
disable_plaintext_auth=yes allows plaintext authentication only whenSSL/TLS is used first.
ssl = required requires SSL/TLS also for non-plaintext authentication.
If you have only plaintext mechanisms enabled (auth { mechanisms =plain login } ), you can use either (or both) of the above settings. They behave exactly the same way then.
Note that plaintext authentication is always allowed (and SSL not required) for connections from localhost, as they're assumed to be secure anyway. This applies to all connections where the local and the remote IP addresses are equal. Also IP ranges specified by login_trusted_networks setting are assumed to be secure.<<<<
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein