Thank you!
Ok, so I can omit ssl=no and startssl=no, and this results in default settings for ssl which is 'off'? Or the defaults are 'on' anyway?
Can I somehow specify ports on remote hosts that proxy will use to connect to? Like (just image): 'proxy host_imap=10.1.1.1:143 host_pop=10.1.1.1:110' or somehow?
On Mon, Sep 17, 2018 at 4:33 PM Aki Tuomi aki.tuomi@dovecot.fi wrote:
Due to certain design issues, the ssl=no is actually same as ssl=yes, same goes for starttls=no. So there is no support actually for "ssl=no" at this moment.
Aki
On 17 September 2018 at 15:32 Alexander Chekalin < alexander.chekalin@gmail.com> wrote:
Surely.
Here it is:
# doveadm auth user@domain.com Password: passdb: chekalin_krg@ascon.ru auth succeeded extra fields: user=user@domain.com proxy host=10.10.14.131 ssl=no startssl=no source_ip=10.10.14.2 proxy proxy pass=password
Two "proxy" are from two "proxy" and "proxy=yes" settings passed from passdb.
On Mon, Sep 17, 2018 at 3:03 PM Aki Tuomi aki.tuomi@dovecot.fi wrote:
Can you provide output of
doveadm auth test some-user Aki
On 17.09.2018 14:58, Alexander Chekalin wrote:
Dear Aki,
we keep our users in LDAP so I when I even return 'proxy host=backend_ip tls=no' it won't use non-TLS connection. The same is when I remove 'tls=no' part. May there be any extra things I need to pass when I use LDAP?
On Mon, Sep 17, 2018 at 2:07 PM Aki Tuomi aki.tuomi@dovecot.fi wrote:
On 17.09.2018 13:59, Alexander Chekalin wrote:
Hi,
I try to set up dovecot as a proxy server, to proxy requests to several dovecot-based backend servers. I wand external clients who connects to this proxy Dovecot to use TLS (this is easy to set up) while want to have unsecured (plain IMAP/POP) connections to
backends.
You see, links to backends are over LAN so no TLS needed, and these backends are poor old machines (with old Docecots like 2.0.6) this
is
why I don't want to use TLS to acces backends.
But as I did the test setup I can see proxy Dovecot uses TLS to connect to backends. Is there any way I can specify this aspect of Dovecot proxy?
Please advice!
Yours, Alexander
Dovecot does not use TLS/SSL when connecting to a backend server by default, you are probably specifying this in your proxy config or password database.
Aki