Securing postfix to dovecot (SASL) auth

Patrick Ben Koetter p at sys4.de
Fri Sep 29 12:55:36 EEST 2017


* Aki Tuomi <aki.tuomi at dovecot.fi>:
> 
> 
> On 27.09.2017 13:21, Peter wrote:
> > On 27/09/17 20:35, Thomas Bauer wrote:
> >> service auth {
> >>   inet_listener{
> >>     address=192.0.0.1
> >>     port=10001
> >>     ssl=yes
> >> }
> >> }
> > ssl=yes is not documented to work for the auth service and it's highly
> > likely that it is simply ignored.
> 
> It is documented for inet_listener's in general and is not ignored. Any
> dovecot inet_listener can be given this flag.

However AFAIK Postfix does not honor an SSL encrypted layer for SASL auth.

> You could use stunnel on the other end.

That's what we usually do.

p at rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
 


More information about the dovecot mailing list