[Dovecot] Different SSL requirements for connections on different ports?

Timo Sirainen tss at iki.fi
Tue May 29 18:55:50 EEST 2012


On Tue, 2012-05-29 at 15:09 +0100, William Gallafent wrote:
> Hi All,
> 
> I'm running dovecot 2.0.19.
> 
> I currently have remote users access mail using IMAP over SSL, with
> their client certificates being both required and verified. I do this
> using "ssl = required" and "ssl_verify_client_cert = yes".

And I guess you also have auth_ssl_require_client_cert=yes.

> I would now like to add a webmail front-end (squirrelmail) running on
> the same server. In order to achieve this I would like to have
> squirrelmail connecting locally using IMAP, but without the
> certificate requirement. I'm happy to use the standard IMAP port for
> this, since that port is firewalled so that only localhost has access.
> 
> Do I need to run two separate dovecot instances in order to achieve
> this, or can I somehow configure different SSL requirements for the
> two ports? Is there a way to have the ssl directives I mention above
> active only for a certain port (or for certain hosts, i.e. non-local?)

You could work around ssl=required by setting the webmail's IP to
login_trusted_networks, but it won't get around requiring a valid SSL
cert. For that you'd need to put it inside a remote <IP> {} block, but
unfortunately you can't currently change auth settings for specific IPs.
So for now you'd need to run two Dovecot instances.
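
A sketch of the two-instance layout suggested in the reply above, added here as an example and not taken from the post or from the Dovecot project. The file paths, the `dovecot-webmail` instance name and the `base_dir` value are assumptions; certificate, mail location and passdb/userdb settings are omitted and would be the same as in the existing setup.

```conf
# --- /etc/dovecot/dovecot.conf : existing instance for remote users ---
# (path is an assumption; the three settings below are the ones from the thread)
ssl = required
ssl_verify_client_cert = yes
auth_ssl_require_client_cert = yes

service imap-login {
  inet_listener imap {
    port = 0              # disable plain IMAP here so port 143 is free
  }
  inet_listener imaps {
    port = 993            # client-certificate IMAPS stays as it is
  }
}

# --- /etc/dovecot/dovecot-webmail.conf : second instance for local webmail ---
# (hypothetical file; start with: dovecot -c /etc/dovecot/dovecot-webmail.conf)
instance_name = dovecot-webmail
base_dir = /var/run/dovecot-webmail   # must differ from the first instance

protocols = imap
listen = 127.0.0.1        # bind to loopback only, not just firewalled
ssl = no                  # no TLS, so no client certificate is requested
auth_ssl_require_client_cert = no

service imap-login {
  inet_listener imap {
    port = 143            # squirrelmail connects here
  }
  inet_listener imaps {
    port = 0              # no IMAPS listener on this instance
  }
}

# mail_location, passdb and userdb: same as the first instance (not shown).
```

Binding the second instance to 127.0.0.1 keeps the certificate-free listener unreachable from other hosts even if the firewall rule on port 143 is later changed.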