Proxy secured incoming POP3/IMAP4 to unsecure backend?
Hi,
I try to set up dovecot as a proxy server, to proxy requests to several dovecot-based backend servers. I want external clients who connect to this proxy Dovecot to use TLS (this is easy to set up) while I want to have unsecured (plain IMAP/POP) connections to backends.
You see, links to backends are over LAN so no TLS needed, and these backends are poor old machines (with old Dovecots like 2.0.6); this is why I don't want to use TLS to access backends.
But as I did the test setup I can see proxy Dovecot uses TLS to connect to backends. Is there any way I can specify this aspect of Dovecot proxy?
Please advise!
Yours, Alexander
On 17.09.2018 13:59, Alexander Chekalin wrote:
> Hi,
> I try to set up dovecot as a proxy server, to proxy requests to several dovecot-based backend servers. I want external clients who connect to this proxy Dovecot to use TLS (this is easy to set up) while I want to have unsecured (plain IMAP/POP) connections to backends.
> You see, links to backends are over LAN so no TLS needed, and these backends are poor old machines (with old Dovecots like 2.0.6); this is why I don't want to use TLS to access backends.
> But as I did the test setup I can see proxy Dovecot uses TLS to connect to backends. Is there any way I can specify this aspect of Dovecot proxy?
> Please advise!
> Yours, Alexander
Dovecot does not use TLS/SSL when connecting to a backend server by default; you are probably specifying this in your proxy config or password database.
Aki
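Added example, not part of the thread or of Dovecot itself: a small Python check that reads static passdb `args` lines on the proxy and reports whether the `ssl` or `starttls` extra fields turn on TLS toward the backend, the kind of setting the reply above points to. The configuration text and hosts are constructed, and the helper names `audit` and `backend_leg` are hypothetical.

```python
import shlex

# Constructed sample: static passdb blocks as they might appear on the proxy.
# Hosts are documentation addresses, not taken from the thread.
SAMPLE_CONF = """\
passdb {
  driver = static
  args = proxy=y host=192.0.2.10 nopassword=y
}
passdb {
  driver = static
  args = proxy=y host=192.0.2.11 port=993 ssl=yes nopassword=y
}
passdb {
  driver = static
  args = proxy=y host=192.0.2.12 starttls=any-cert nopassword=y
}
"""

def backend_leg(fields):
    """Return (mode, cert_verified) for the proxy-to-backend connection."""
    for mode in ("ssl", "starttls"):
        if mode in fields:
            # "yes" requires a valid backend certificate; "any-cert" encrypts
            # but accepts whatever certificate the backend presents.
            return mode, fields[mode] != "any-cert"
    return "plaintext", None

def audit(conf_text):
    """List (host, mode, cert_verified) for every proxying 'args =' line."""
    findings = []
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key.strip() != "args":
            continue
        fields = {}
        for token in shlex.split(value):
            name, _, val = token.partition("=")
            fields[name] = val or "y"   # bare "proxy" means proxy=y
        if "proxy" in fields or "proxy_maybe" in fields:
            findings.append((fields.get("host"), *backend_leg(fields)))
    return findings

if __name__ == "__main__":
    for host, mode, verified in audit(SAMPLE_CONF):
        print(f"{host}: backend leg = {mode}, certificate verified = {verified}")
```

The same extra fields can also come back from an SQL or LDAP passdb query, so the query result needs the same check when the static blocks look clean.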
On Sep 17, 2018, at 6:59 AM, Alexander Chekalin alexander.chekalin@gmail.com wrote:
> Hi,
> I try to set up dovecot as a proxy server, to proxy requests to several dovecot-based backend servers. I want external clients who connect to this proxy Dovecot to use TLS (this is easy to set up) while I want to have unsecured (plain IMAP/POP) connections to backends.
> You see, links to backends are over LAN so no TLS needed, and these backends are poor old machines (with old Dovecots like 2.0.6); this is why I don't want to use TLS to access backends.
A better security practice would be to also use TLS to the backend. You want a defense in depth rather than a "crunchy shell around a soft, chewy center."
Jim
participants (3)
- Admin
- Aki Tuomi
- Alexander Chekalin