[Dovecot] Requiring STARTTLS only on some networks
Pascal Volk
user+dovecot at localhost.localdomain.org
Fri May 7 18:07:58 EEST 2010
On 05/07/2010 04:35 PM Phil Howard wrote:
> Do these "remote sections" need to be in a specific place in the config
> file, or can they just be put where the (global) disable_plaintext_auth is
> located?
The latter one, where the global disable_plaintext_auth is located,
> Do you know if the remote address gets passed from Postfix on to Dovecot
> through the authentication connection (when Dovecot is doing the
> authentication for Postfix mail submission) so that these same remote rules
> apply?
Hm, doesn't look so, as if Postfix would forward this info (remote host)
to Dovecot. Even when I connect from a 'disable_plaintext_auth = no
network' to Postfix (2.6.5), Postfix offers:
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5
But the SSL/TLS state should be forwarded from Postfix to Dovecot:
http://www.mail-archive.com/postfix-users@postfix.org/msg10590.html
Regards,
Pascal
--
The trapper recommends today: 5e1f1e55.1012716 at localdomain.org
More information about the dovecot
mailing list