Hi
I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is configured to act as director and delivers to my two backend servers. I enabled lmtp proxy on director to listen on port 24.
Now I see in msg headers that the connection to the lmtp proxy uses STARTTLS but the connection from proxy to backend seems to be unencrypted. Is it possible to enforce the use of STARTTLS in the connection from the director to the backend as well?
Regards
tobi
Not according to dovecot doco ... from https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any ssl/starttls extra field is ignored
rgds
Matt
Tobi (tobisworld@gmail.com) wrote on 23 November 2017 at 6:31 pm:
> Hi
> I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is configured to act as director and delivers to my two backend servers. I enabled lmtp proxy on director to listen on port 24.
> Now I see in msg headers that the connection to the lmtp proxy uses STARTTLS but the connection from proxy to backend seems to be unencrypted. Is it possible to enforce the use of STARTTLS in the connection from the director to the backend as well?
> Regards
> tobi
NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any ssl/starttls extra field is ignored
https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
Hi
thanks for the link. Read that page before but somehow missed the comment about ssl+lmtp proxy :-)
Are there any plans to implement that to dovecot in future?
Regards
tobi
On 23.11.2017 at 18:38, Carsten Rosenberg wrote:
> NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any ssl/starttls extra field is ignored
> https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
On 11/23/2017 at 8:44 PM, tobisworld@gmail.com wrote:
> Hi
> thanks for the link. Read that page before but somehow missed the comment about ssl+lmtp proxy :-)
> Are there any plans to implement that to dovecot in future?
Shouldn't be a problem for v2.3.
Regards,
Stephan.
participants (5): Carsten Rosenberg, Matt Bryant, Stephan Bosch, Tobi, tobisworld@gmail.com
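The header check described in the first message (TLS on the hop into the director, none on the hop to the backend) can be scripted. This is an added example, not code from the thread or from Dovecot: it reads the "with" protocol keyword of each Received header using the RFC 3848 types (LMTPS, ESMTPS and so on). The host names and the sample message are constructed, and it assumes every hop records TLS through that keyword, which not all servers do.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean TLS was negotiated on that hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample: director accepted the mail over TLS, backend did not.
SAMPLE = """\
Received: from director.example.test ([192.0.2.10])
\tby backend1.example.test with LMTP id AAAA;
\tThu, 23 Nov 2017 09:31:41 +0100
Received: from mx.example.test ([192.0.2.5])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby director.example.test with LMTPS id BBBB;
\tThu, 23 Nov 2017 09:31:40 +0100
From: sender@example.test
To: user@example.test
Subject: constructed sample

body
"""

def strip_comments(value):
    """Drop (possibly nested) parenthesised comments, e.g. cipher details."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def audit_received(raw_message):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        clean = " ".join(strip_comments(value).split())
        by = re.search(r"\bby\s+(\S+)", clean)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", clean)
        name = proto.group(1).upper() if proto else None
        hops.append({"by": by.group(1) if by else None,
                     "protocol": name, "tls": name in TLS_PROTOCOLS})
    return hops

def plaintext_hops(raw_message):
    """Names of receiving hosts whose hop was not marked as TLS."""
    return [h["by"] for h in audit_received(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for hop in audit_received(SAMPLE):
        print(hop)
```

Comments are stripped before matching so that a "with cipher" phrase inside a TLS comment is not mistaken for the protocol keyword.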