Proxy secured incoming POP3/IMAP4 to unsecure backend?

Admin admin at dishaw.org
Mon Sep 17 14:52:23 EEST 2018


> On Sep 17, 2018, at 6:59 AM, Alexander Chekalin <alexander.chekalin at gmail.com> wrote:
> 
> Hi,
> 
> I try to set up dovecot as a proxy server, to proxy requests to several dovecot-based backend servers. I wand external clients who connects to this proxy Dovecot to use TLS (this is easy to set up) while want to have unsecured (plain IMAP/POP) connections to backends.
> 
> You see, links to backends are over LAN so no TLS needed, and these backends are poor old machines (with old Docecots like 2.0.6) this is why I don't want to use TLS to acces backends.

A better security practice would be to also use TLS to the backend. You want a defense in depth rather than a "crunchy shell around a soft, chewy center."

Jim


More information about the dovecot mailing list