17 Sep
2018
17 Sep
'18
2:52 p.m.
On Sep 17, 2018, at 6:59 AM, Alexander Chekalin <alexander.chekalin@gmail.com> wrote:
Hi,
I try to set up dovecot as a proxy server, to proxy requests to several dovecot-based backend servers. I wand external clients who connects to this proxy Dovecot to use TLS (this is easy to set up) while want to have unsecured (plain IMAP/POP) connections to backends.
You see, links to backends are over LAN so no TLS needed, and these backends are poor old machines (with old Docecots like 2.0.6) this is why I don't want to use TLS to acces backends.
A better security practice would be to also use TLS to the backend. You want a defense in depth rather than a "crunchy shell around a soft, chewy center."
Jim