Michael A. Peters mpeters@domblogger.net wrote:
Couldn't you run two different instances (with 2 separate run-time directories), each listening on a different port with their own SSL configuration? Or would it clash somewhere?
If only a single running instance of dovecot is required, I guess you can run dovecot on the localhost interface, and use 2 stunnel proxies.
Honestly that violates the concept of KISS.
(Just to be clear, I'm not the OP.)
I agree -- if the OP can convince the user to change mail readers, that would be better all around. However, some users will only let go of their mail reader when you pry it from their dead, cold fingers, and you'll be applying KISS in the social context. Doing a technical workaround is sometimes simpler than picking a fight with them. This has to be balanced with the security requirements.
Noel noeldude@gmail.com writes:
Strongly agree with this. If you have enough users that you have to use both hands to count them, running different protocols on different ports is a sure-fire way to annoy your users and create problems for support staff (e.g. you). Either allow the antique protocol everywhere, or give notice and cut it off.
I'm not sure why users would be annoyed -- this is more or less transparent to them. If, however, you remove a TLS flavour and thereby break a previously working mail reader, you'll get the definition of "annoyed" demonstrated when you explain to the user why you won't allow their beloved FoobyBletch5000 mail reader to work.
Joseph Tam jtam.home@gmail.com