[Dovecot] dovecot proxy ssl-parameter from database?
Daniel Funke
daniel at dhag.net
Mon Sep 3 16:32:55 EEST 2012
Hi List,
I want to migrate my IMAP-users from an old Courier-IMAP-Server to a new
dovecot-Server. The old server supports IMAP without and with TLS. The
new one only with TLS.
The users should be migrated one by one with changing some client
parameters. To leave the servername of the imap server I want to use the
dovecot proxy during migration. The proxy uses a sql db to look for the
old or new host for every user.
So far all works fine. My question is the TLS or noTLS connection from
the client to the proxy. How can I make the ssl-parameter
user-dependent? Clients to the old courier server should work without or
with tls through the proxy and clients to the new dovecot server should
only work WITH TLS between Client and proxy. (After migration of all
clients the proxy should be switched off and all clients connect directly
to the dovecot server.)
I tried with http://wiki2.dovecot.org/UserDatabase/ExtraFields and
returned a field "userdb_ssl" ("required" for host dovecot, "yes" for
host courier). But it doesn't work. A migrated user can still login
without tls to the proxy and the dovecot backend.
Any ideas?
Daniel
Here is my doveconf -n
# 2.1.9: /opt/dovecot/etc/dovecot/dovecot.conf
doveconf: Warning: service anvil { client_limit=1000 } is lower than required under max. load (1503)
# OS: Linux 2.6.32-279.2.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
auth_mechanisms = plain login
default_process_limit = 500
disable_plaintext_auth = no
listen = *
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = /opt/dovecot/etc/dovecot/sql.conf
  driver = sql
}
protocols = imap pop3
service imap-login {
  inet_listener imaps {
    port = 0
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 0
  }
}
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/private/server.key
userdb {
  driver = prefetch
}
verbose_proctitle = yes