[Dovecot] Dovecot for POP3S proxying

[Gilles Albusac]

Dovecot is installed but actually I just use auth module (for postfix 
authentication).

In your dovecot.conf example, I don't see the "proxy" command ?

Could you give me a few more details on the "proxy" command usage 
(ExtraFields/Proxy is not clear for me)?

Regards

-----Message d'origine----- 
From: David Jonas
Sent: Thursday, May 03, 2012 8:04 PM
To: Gilles Albusac
Subject: Re: [Dovecot] Dovecot for POP3S proxying

On Thu May  3 05:14:40 2012, Gilles Albusac wrote:
> Dovecot is already installed in my architecture and I just would like
> to know how to configure Dovecot for POP3S proxying with authentication.
>
> For security reasons I prefer to install as little as possible binary
> (see vulnerability 2011 - remote exploit - STUNNEL).

If you already have dovecot running in proxy mode it's easy to add
pop3s. If not, see
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy

See http://wiki2.dovecot.org/Services search the page for pop3s. A
simple example:

ssl = yes
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/dovecot.pem

service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}

Of course there is a lot more SSL tuning that can be done:
http://wiki2.dovecot.org/SSL/DovecotConfiguration

> -----Message d'origine----- From: David Jonas
> Sent: Wednesday, May 02, 2012 10:29 PM
> To: Gilles Albusac
> Cc: dovecot at dovecot.org
> Subject: Re: [Dovecot] Dovecot for POP3S proxying
>
> On Wed May  2 06:41:00 2012, Gilles Albusac wrote:
>> I would like to configure Dovecot for POP3S proxying all users from
>> the Internet to the internal Exchange Mail Server.
>
> Unless I'm missing something with your request, you don't need dovecot.
> Any ssl proxy can do that for you, such as stunnel
> (http://www.stunnel.org/). We use the hardware ssl termination on our
> load balancers for pop3s, imaps, and smtps.