15 May 2023, 2:03 a.m.
On 14/5/23 23:29, Daniel Miller via dovecot wrote:
> I only allow explicit service traffic through. IMAPS, SMTPS, etc. If doveadm is communicating via the IMAP(S) ports then all I can do via firewall is block countries. Which of course I can but I'm asking about any additional hardening for Dovecot itself.
You can set up a doveadm service that requires client certificates:

    service doveadm {
      inet_listener {
        port = 12345
      }
      ssl = yes
      ssl_cert = </etc/dovecot/dovecot.pem
      ssl_key = </etc/dovecot/private/dovecot.pem
      ssl_verify_client_cert = yes
      auth_ssl_require_client_cert = yes
    }
Jeremy
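
One way to audit a configuration for the listener settings shown in the reply above, added here as an example and not code from the poster or the Dovecot project. The parser is a simplified reading of the brace-block syntax, the sample text is constructed from the post's values, and the rule that a listener sees settings from its enclosing blocks is an assumption of this example, not Dovecot's own resolution logic.

```python
# Constructed sample using the settings from the post (not a real deployment).
SAMPLE = """\
service doveadm {
  inet_listener {
    port = 12345
  }
  ssl = yes
  ssl_cert = </etc/dovecot/dovecot.pem
  ssl_key = </etc/dovecot/private/dovecot.pem
  ssl_verify_client_cert = yes
  auth_ssl_require_client_cert = yes
}
"""

# Setting -> values this example accepts as "on".
REQUIRED = {
    "ssl": {"yes", "required"},
    "ssl_verify_client_cert": {"yes"},
    "auth_ssl_require_client_cert": {"yes"},
}

def parse(text):
    """Parse brace-delimited config text into {block_path: {key: value}}."""
    scopes, stack = {(): {}}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line.endswith("{"):
            stack.append(" ".join(line[:-1].split()))
            scopes.setdefault(tuple(stack), {})
        elif line == "}" and stack:
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            scopes[tuple(stack)][key] = value
    return scopes

def audit_doveadm(text):
    """List required settings that are off for each doveadm inet_listener."""
    scopes, findings = parse(text), []
    for path, settings in scopes.items():
        if len(path) < 2 or path[0] != "service doveadm" or not path[-1].startswith("inet_listener"):
            continue
        effective = {}  # assumption: global first, innermost block wins
        for depth in range(len(path) + 1):
            effective.update(scopes.get(path[:depth], {}))
        for key, accepted in REQUIRED.items():
            if effective.get(key) not in accepted:
                findings.append(f"port {settings.get('port', '?')}: {key} is not enabled")
    return findings

if __name__ == "__main__":
    print(audit_doveadm(SAMPLE) or "doveadm listener requires TLS client certificates")
```
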