[Dovecot] TLS / SSL mixed w/ plaintext auth and virtual hosting
Michael Orlitzky
michael at orlitzky.com
Thu Aug 27 18:55:28 EEST 2009
Nathan M wrote:
> On Thu, Aug 27, 2009 at 12:03 AM, Michael Orlitzky<michael at orlitzky.com> wrote:
>> Nathan M wrote:
>>> Traditionally this server has only accepted plaintext authentications;
>>> however, we want to change that and enable TLS/SSL. The challenge is
>>> the server has hundreds of IP addresses it binds to to listen on ports
>>> 110/143.
>> It may be 3am, but I'm pretty sure that this is the part of your setup that
>> doesn't make sense. Why does your POP/IMAP server need to be accessed via so
>> many addresses?
>>
>
> Because everybody wants to check email at mail.$theirdomain.com.

But that can be a CNAME for mail.$yourdomain.com, which resolves to one
address.

> Also, some users "need" to check email with username only, so the
> local_ip variable is used within the dovecot-sql query to look up some
> virtual users by username only + match the local_ip to a table with
> domain+ip lookup.

Ok, you got me. How many users need that ability? Would anyone notice if
you killed them?

I started writing a long and involved migration plan to work around this
requirement, but honestly, "wait for v2.0" is probably a better one.