On 4.2.2020 13.46, Heiko Schlittermann wrote:
Hi, I'm resending this message, still hoping for an answer.
Hello,
does dovecot support tls-on-connect for AF INET based auth-client sockets?
Rationale behind my question:
Exim can use the Dovecot auth-client socket to delegate the SMTP-AUTH authentication to Dovecot.
Currently Exim supports the AF UNIX only for this socket. Jeremy makes progress in extending this to use AF INET sockets too.
While it works with clear text communication already, during testing I was to setup the auch-client socket as an TLS server (tls-on-connect). It doesn't seem to work as I'd expect. The socket still offers clear-text only.
Here my configuration snippets regarding this socket
ssl = yes ssl_cert = </etc/dovecot/private/server.pem ssl_key = </etc/dovecot/private/server.pem
service auth { … unix_listener auth-client { group = _exim mode = 0660 } inet_listener auth-client { name = exim port = 4711 ssl = yes } }
SSL connections to :993 work as expected.
Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann
Hi!
This is not (yet) implemented. You can probably workaround with haproxy / stunnel for now.
Aki