Question about verbose_proctitle
J Doe
general at nativemethods.com
Fri Jul 13 03:45:10 EEST 2018
> On Jul 10, 2018, at 7:19 PM, J Doe <general at nativemethods.com> wrote:
>
> Hello,
>
> I have a question relating to the detail that the verbose_proctitle parameter enables for ps.
>
> I have TLS configured for IMAP as follows:
>
> /etc/dovecot/dovecot.conf
> ssl = required
> ssl_cert = </path/to/cert.pem>
> ssl_key = </path/to/key.pem>
>
> protocols = imap lmtp
>
> service imap-login {
> # Disable insecure IMAP over TCP 143
> inet_listener imap {
> port=0
> }
> }
>
> . . .
>
> verbose_proctitle = yes
>
> If I have a single MUA connect (Apple Mail in this case), I see:
>
> $ ps aux | grep -i dovevot
>
> dovenull 5552 0.0 0.1 18820 5444 ? S 18:53 0:00 dovecot/imap-login [1 connections (1 TLS)]
> vmail 5553 0.3 0.1 13612 4304 ? S 18:53 0:00 dovecot/imap [user at example.com 1.2.3.4 IDLE]
>
> The first part makes sense to me - imap-login is showing the user being connected via imap-login and with TLS.
> The second part, however, shows the IMAP session with the username, IP address and IMAP command (IDLE),
> but it does not state TLS.
>
> Does this mean that I have logins for IMAP connections protected by TLS but the actual IMAP traffic (mail
> contents, etc.), is *NOT* configured to use TLS ? That is to say, IMAP traffic is flowing over port 993 without
> TLS ?
>
> From the wiki [1] it appears to state that I only have to configure TLS settings for IMAP if the IMAP protocol is
> being secured via a *DIFFERENT* TLS certificate.
>
> Is this correct ?
>
> Thanks,
>
> - J
>
> Sources:
>
> [1] https://wiki2.dovecot.org/SSL/DovecotConfiguration
Hi,
I was able to partially answer my question, today.
I used tcpdump to record the traffic between a single client computer and the server running Dovecot and can confirm that all of the IMAP traffic to and from the server was over TLS 1.2 with the configuration I mentioned (see previous e-mail above). This still makes me wonder, though, why Dovecot does not specify “TLS” when I use ps:
/etc/dovecot/dovecot.conf
. . .
verbose_proctitle = yes
. . .
$ ps aux | grep -I dovevot
dovenull 5552 0.0 0.1 18820 5444 ? S 18:53 0:00 dovecot/imap-login [1 connections (1 TLS)]
vmail 5553 0.3 0.1 13612 4304 ? S 18:53 0:00 dovecot/imap [user at example.com 1.2.3.4 IDLE]
I’m aware that this is because the code does not state to specify “TLS” for the dovecot/imap [user at example.com 1.2.3.4 IDLE] line of output, but I’m curious as to why that decision was made ?
Thanks,
- J
More information about the dovecot
mailing list