[Dovecot] Dovecot 2.2. proxy_maybe and twice SSL connections

Timo Sirainen tss at iki.fi
Tue Feb 19 10:54:44 EET 2013


On Tue, 2013-02-19 at 12:39 +0400, Evgeny Basov wrote:
> Hello.
> 
>  1. I have two identical hosts
>  2. I have set up replication between two hosts
>  3. I have
> 
>     'Y' AS proxy_maybe
> 
>     in password_query.
>  4. password_query returns one of these hosts

So the user typically goes to the same server, but on failures the query
could return another host?

BTW. I'm hoping that at some point in the future it would be enough to just
set up two A records in DNS and the client would connect automatically to
the first one that works.

>  5. I set these parameters in dovecot config:
> 
>     disable_plaintext_auth = yes
>     ssl = yes
>     auth_mechanisms = plain login
> 
>     to enforce the use of encrypted connections by client programs.
> 
> 
> When the client connects to host imap2 directly, connection is
> encrypted, it is good.
> 
> | client | ---- (1) ----> |imap2 (proxy_maybe='y', host = imap2)|
> 
> And when the client connects to another host, both connections (1)
> and (2) are encrypted
> 
> | client | ---- (1) ----> |imap1 (proxy_maybe='y', host = imap2)| ---- (2) ----> |imap2|
> 
> but need only (1).
> 
> How do I get the desired behavior? Is it possible?

Set login_trusted_networks so both servers trust each other. SSL isn't
required then. Also the client's real IP address gets proxied to
logs/etc then.
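
A configuration sketch of the reply above, added here as an example and not taken from the original thread. The file paths, the addresses (constructed, from the RFC 5737 documentation range) and the SQL table and column names are assumptions.

```conf
# --- dovecot.conf, identical on imap1 and imap2 (path is an assumption) ---
# Constructed addresses: imap1 = 192.0.2.11, imap2 = 192.0.2.12

# Unchanged from the original post: clients on connection (1) must
# still use TLS before they can authenticate.
disable_plaintext_auth = yes
ssl = yes
auth_mechanisms = plain login

# Space-separated list of trusted networks. List only the peer hosts as
# single addresses, not a whole subnet: connections from these addresses
# may pass on the client's real IP (used for logging and auth checks),
# and disable_plaintext_auth is not applied to them. That is what lets
# the proxied login on connection (2) succeed without SSL.
login_trusted_networks = 192.0.2.11 192.0.2.12

# --- dovecot-sql.conf.ext (hypothetical table "users" and its columns) ---
# The query returns the host plus proxy_maybe, as in the original post.
# It returns neither ssl=yes nor starttls=yes, so connection (2) is made
# in plaintext. The password therefore crosses the imap1 <-> imap2 link
# unencrypted, so that link itself has to be a trusted network.
password_query = SELECT password, host, 'Y' AS proxy_maybe \
  FROM users WHERE userid = '%u'
```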




