[Dovecot] dovecot/imap-login TLS?
# ps auxwww|egrep -i imap-login dovenull 11879 1.4 0.9 83484 77656 ? S Nov20 19:12 dovecot/imap-login [822 connections (822 TLS)]
What exactly is TLS in this context? All connections from imap -> imap-login? All clients connecting to an imap process?
-- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.de
On Sun, 2010-11-21 at 20:23 +0100, Ralf Hildebrandt wrote:
# ps auxwww|egrep -i imap-login dovenull 11879 1.4 0.9 83484 77656 ? S Nov20 19:12 dovecot/imap-login [822 connections (822 TLS)]
What exactly is TLS in this context? All connections from imap -> imap-login? All clients connecting to an imap process?
822 IMAP client connections using TLS/SSL. So client -> imap-login. imap-login then proxies it to imap process in plaintext.
- Timo Sirainen tss@iki.fi:
On Sun, 2010-11-21 at 20:23 +0100, Ralf Hildebrandt wrote:
# ps auxwww|egrep -i imap-login dovenull 11879 1.4 0.9 83484 77656 ? S Nov20 19:12 dovecot/imap-login [822 connections (822 TLS)]
What exactly is TLS in this context? All connections from imap -> imap-login? All clients connecting to an imap process?
822 IMAP client connections using TLS/SSL. So client -> imap-login. imap-login then proxies it to imap process in plaintext.
This means I have no non-TLS connections?
-- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.de
On 24.11.2010, at 11.53, Ralf Hildebrandt wrote:
- Timo Sirainen tss@iki.fi:
On Sun, 2010-11-21 at 20:23 +0100, Ralf Hildebrandt wrote:
# ps auxwww|egrep -i imap-login dovenull 11879 1.4 0.9 83484 77656 ? S Nov20 19:12 dovecot/imap-login [822 connections (822 TLS)]
What exactly is TLS in this context? All connections from imap -> imap-login? All clients connecting to an imap process?
822 IMAP client connections using TLS/SSL. So client -> imap-login. imap-login then proxies it to imap process in plaintext.
This means I have no non-TLS connections?
Yes, that's what it looks like.
- Timo Sirainen tss@iki.fi:
On 24.11.2010, at 11.53, Ralf Hildebrandt wrote:
- Timo Sirainen tss@iki.fi:
On Sun, 2010-11-21 at 20:23 +0100, Ralf Hildebrandt wrote:
# ps auxwww|egrep -i imap-login dovenull 11879 1.4 0.9 83484 77656 ? S Nov20 19:12 dovecot/imap-login [822 connections (822 TLS)]
What exactly is TLS in this context? All connections from imap -> imap-login? All clients connecting to an imap process?
822 IMAP client connections using TLS/SSL. So client -> imap-login. imap-login then proxies it to imap process in plaintext.
This means I have no non-TLS connections?
Yes, that's what it looks like.
Ok, that's definitely wrong :) 50% of my users are on webmail, webmail is not using TLS/SSL
-- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.de
On 25.11.2010, at 9.23, Ralf Hildebrandt wrote:
This means I have no non-TLS connections?
Yes, that's what it looks like.
Ok, that's definitely wrong :) 50% of my users are on webmail, webmail is not using TLS/SSL
For non-TLS connections imap-login is used only during login, which happens really fast. For TLS connections it's used for the entire duration of the IMAP session, because it does all of the TLS proxying. So unless a connection is spending a lot of time during login you don't normally see them in imap-login process connections.
- Timo Sirainen tss@iki.fi:
For non-TLS connections imap-login is used only during login, which happens really fast. For TLS connections it's used for the entire duration of the IMAP session, because it does all of the TLS proxying.
I understand.Then it makes perfect sense!
So unless a connection is spending a lot of time during login you don't normally see them in imap-login process connections.
-- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.de
participants (2)
-
Ralf Hildebrandt
-
Timo Sirainen