Hi everyone! I have dovecot (1.2.11) on one our external mail servers acting as a proxy. The client (ifor now, my iphone) connects fine via ssl to the external mailserver but I can't seem to get a secure connection now to the internal destination imap server (between external mail server and internal imap server, it's going through port 143). Running tcpdump, I can clearly see my password being transmitted on our internal network. I read the addition to the documentation about dovecot proxy but I'm not sure where to add these variables:
In v1.2.rc4+ the connections to destination server can be TLS/SSL encrypted by returning:
*
ssl=yes: Use SSL and require a valid verified remote certificate.
*WARNING: Unless used carefully, this is an insecure setting!*
Currently host must be an IP address, so this setting accepts any
certificate signed by a trusted CA. The host name isn't checked in
any way against the certificate's CN. The only way to use this
securely is to only use and allow your own private CA's certs,
anything else is exploitable by a man-in-the-middle attack.
* ssl=any-cert: Use SSL, but don't require a valid remote certificate.
* starttls: Use STARTTLS command instead of doing SSL handshake
immediately after connected.
Can anyone point me in the right direction? Thanks so much! :)
-- Monika Janek Systems Administrator, Side Effects Software Toronto, Ontario Canada 416-504-9876 x207 www.sidefx.com