IMAP-auth on LAN and otherwise
Rupert Gallagher
ruga at protonmail.com
Thu May 4 01:11:55 EEST 2017
By pointing the clients' DNS to the server's local address, instead of the public one.
We feared it would break IMAP locally, because of DNSSEC and DANE and what not, all tied to the public IP. It just passed the test, and IMAP is much faster now.
Sent from ProtonMail Mobile
On Wed, May 3, 2017 at 5:27 PM, B. Reino <reinob at bbmk.org> wrote: How? :)
On May 3, 2017 5:25:51 PM GMT+02:00, Rupert Gallagher <ruga at protonmail.com> wrote:
>Problem solved.
>
>Sent from ProtonMail Mobile
>
>On Tue, May 2, 2017 at 3:46 PM, Rupert Gallagher <ruga at protonmail.com>
>wrote:
>Hello,
>
>Thunderbird has been bugging us with connection errors. Dovecot is
>installed on a local server that carries a local IP and a public IP.
>When Thunderbird on a local client connects successfully, Wireshark
>shows a SYN request from the client's IP on LAN to the public IP of the
>server, followed by the ACK from the same public IP. When Thunderbird
>on the same local client fails to connect, Wireshark shows a SYN
>request from the client's IP on LAN to the public IP of the server,
>followed by the ACK from the server's LAN address, the client does not
>accept the ACK as valid and sends a new SYN request. The loop
>eventually leads to time-out. At the client's console, the DNS query of
>the IMAP server always responds with the server's public IP address.
>
>It is evident from Wireshark that the dovecot server sends ACKs from
>two IPs. Is it possible to instruct Dovecot to use the public IP only?
More information about the dovecot
mailing list