On 14/5/23 23:29, Daniel Miller via dovecot wrote:
> I only allow explicit service traffic through. IMAPS, SMTPS, etc. If
> doveadm is communicating via the IMAP(S) ports then all I can do via
> firewall is block countries. Which of course I can but I'm asking about
> any additional hardening for Dovecot itself.

You can set up a doveadm service that requires client certificates:

service doveadm {
  inet_listener {
    port = 12345
  }
  ssl = yes
  ssl_cert = </etc/dovecot/dovecot.pem
  ssl_key = </etc/dovecot/private/dovecot.pem
  ssl_verify_client_cert = yes
  auth_ssl_require_client_cert = yes
}