Proxy secured incoming POP3/IMAP4 to unsecure backend?
Admin
admin at dishaw.org
Mon Sep 17 14:52:23 EEST 2018
> On Sep 17, 2018, at 6:59 AM, Alexander Chekalin <alexander.chekalin at gmail.com> wrote:
>
> Hi,
>
> I try to set up dovecot as a proxy server, to proxy requests to several dovecot-based backend servers. I wand external clients who connects to this proxy Dovecot to use TLS (this is easy to set up) while want to have unsecured (plain IMAP/POP) connections to backends.
>
> You see, links to backends are over LAN so no TLS needed, and these backends are poor old machines (with old Docecots like 2.0.6) this is why I don't want to use TLS to acces backends.
A better security practice would be to also use TLS to the backend. You want a defense in depth rather than a "crunchy shell around a soft, chewy center."
Jim
More information about the dovecot
mailing list