[Dovecot] Dovecot 2.2. proxy_maybe and twice SSL connections

Ben Morrow ben at morrow.me.uk
Tue Feb 19 12:17:56 EET 2013


At 12PM +0400 on 19/02/13 you (Evgeny Basov) wrote:
>
>  5. I set this parameters in dovecot config:
> 
>     disable_plaintext_auth = yes
>     ssl = yes
>     auth_mechanisms = plain login
<snip>
> 
> And when the client connects to another host, I have (1) and (2) 
> connections are encrypted
> 
> | client | ---- (1) ----> |imap1 (proxy_maybe='y', host = imap2)| ----
> (2) ----> |imap2|
> 
> but need only (1).

That's not a good idea. SSL is not very much overhead, and trusting your
internal networks to the point of having plaintext passwords going over
the wire is not very safe.

Ben




More information about the dovecot mailing list