On 28/05/2020 19:08 patosec <patosec@freedaten.at> wrote:


Hello again,

I did a lot of trial and error already, but I can't seem to find a way
to encrypt my dovecot director to dovceot mailbox traffic.
Is there a way to configure dovecot director to only use ssl/tls
encrypted connections for specific tagged mailbox clusters? (or all
clusters, in fact does not matter if it could be restricted to tags)
Looks like there is also no documentation available for this sort of
configuration.

I tried setting my mailbox nodes to "ssl = require" butt after doing so
I can't login through director proxy anymore.
It always looks like ssl/tls termination is finally done on director side.

Anyone tried this already or has a running setup doing encryption from
lets say frontend to backend?

Thanks, greetings
Patrick

Add to your director passdb attributes, ssl=any-cert or starttls=any-cert. See https://doc.dovecot.org/configuration_manual/authentication/proxies/
---
Aki Tuomi