WJCarpenter wrote:
wjc> Is there a way to configure dovecot's internal proxy connections
wjc> to use STARTTLS or some other SSL/TLS level of security?
wjc> (Without a

mmj> Just create encrypted tunnel between the peers and send your
mmj> traffic through it. IPSec, ssh etc.
Thanks for the suggestion. I had thought of that, but all my front-end servers are also back-end servers. (I'm just letting the users come in on any server -- usually the correct one -- and want to transparently connect them to the correct back-end if they happen to come into the wrong server.) So, even with just 5 servers, that's 20 tunnels to keep afloat through reboots, etc. In principle no problem, but it's a lot of balls in the air.
In that case you could add VLAN trunks between them to separate connections from the rest of the network. You would tunnel your server traffic in VLANs and no one would be able to sniff it. This is probably the quickest and most robust way to do this on a LAN not involving any security protocols.
Marcin.
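The "20 tunnels for 5 servers" count above comes from every server being both a front-end and a back-end, so each ordered (front-end, back-end) pair needs its own tunnel. The script below is an added example, not code from the thread or from the Dovecot project: it enumerates that full mesh of ssh local-forward tunnels and assigns each front-end a loopback port per back-end, so the proxy could be pointed at 127.0.0.1:<port> instead of the back-end's plaintext LAN address. The hostnames, the base loopback port (10143) and the plain `ssh -N -L` form of the command are assumptions; the IMAP port 143 is the standard one.

```python
"""Enumerate the full mesh of ssh tunnels needed when every server is both a
front-end and a back-end (added example; hostnames are constructed)."""
from itertools import permutations

IMAP_PORT = 143          # back-end IMAP port the proxy would otherwise reach over plaintext
BASE_LOCAL_PORT = 10143  # assumed first loopback port used on each front-end


def tunnel_count(n):
    """Ordered pairs of distinct servers: n*(n-1) tunnels for n servers."""
    return n * (n - 1)


def mesh_tunnels(hosts, base_port=BASE_LOCAL_PORT, remote_port=IMAP_PORT):
    """Return one tunnel spec per ordered (frontend, backend) pair.

    The loopback port is derived from the back-end's position in the sorted
    host list, so every front-end uses the same local port for a given
    back-end and never collides between two different back-ends.
    """
    ordered = sorted(hosts)
    index = {host: i for i, host in enumerate(ordered)}
    tunnels = []
    for src, dst in permutations(ordered, 2):  # permutations never yields src == dst
        local_port = base_port + index[dst]
        tunnels.append({
            "frontend": src,
            "backend": dst,
            "local_port": local_port,
            # assumed plain ssh port-forward; a supervisor such as autossh or a
            # systemd unit would be needed to keep it up across reboots
            "ssh_cmd": (f"ssh -N -L 127.0.0.1:{local_port}:127.0.0.1:{remote_port} "
                        f"{dst}"),
        })
    return tunnels


def tunnels_for_frontend(tunnels, frontend):
    """Filter the mesh down to the tunnels one front-end has to run."""
    return [t for t in tunnels if t["frontend"] == frontend]


if __name__ == "__main__":
    hosts = ["mail1", "mail2", "mail3", "mail4", "mail5"]  # constructed names
    mesh = mesh_tunnels(hosts)
    print(f"{len(mesh)} tunnels for {len(hosts)} servers")
    for t in tunnels_for_frontend(mesh, "mail1"):
        print(f"{t['frontend']} -> {t['backend']} via 127.0.0.1:{t['local_port']}: {t['ssh_cmd']}")
```

Running it for five constructed hosts lists the 20 ordered pairs the poster counted and, per front-end, the four commands that server would have to keep alive.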