Proxy secured incoming POP3/IMAP4 to unsecure backend?

Alexander Chekalin alexander.chekalin at gmail.com
Mon Sep 17 16:35:55 EEST 2018


Thank you!

Ok, so I can omit ssl=no and startssl=no, and this results in default
settings for ssl which is 'off'? Or the defaults are 'on' anyway?

Can I somehow specify ports on remote hosts that proxy will use to connect
to? Like (just imagine): 'proxy host_imap=10.1.1.1:143 host_pop=10.1.1.1:110'
or somehow?




On Mon, Sep 17, 2018 at 4:33 PM Aki Tuomi <aki.tuomi at dovecot.fi> wrote:

> Due to certain design issues, the ssl=no is actually the same as ssl=yes, the same
> goes for starttls=no. So there is actually no support for "ssl=no" at this
> moment.
>
> Aki
>
> > On 17 September 2018 at 15:32 Alexander Chekalin <alexander.chekalin at gmail.com> wrote:
> >
> >
> > Surely.
> >
> > Here it is:
> >
> > # doveadm auth user at domain.com
> > Password:
> > passdb: chekalin_krg at ascon.ru auth succeeded
> > extra fields:
> >   user=user at domain.com
> >   proxy
> >   host=10.10.14.131
> >   ssl=no
> >   startssl=no
> >   source_ip=10.10.14.2
> >   proxy
> >   proxy
> >   pass=password
> >
> > Two "proxy" are from two "proxy" and "proxy=yes" settings passed from
> > passdb.
> >
> > On Mon, Sep 17, 2018 at 3:03 PM Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> >
> > > Can you provide output of
> > >
> > > doveadm auth test some-user
> > > Aki
> > >
> > > On 17.09.2018 14:58, Alexander Chekalin wrote:
> > >
> > > Dear Aki,
> > >
> > > we keep our users in LDAP, so even when I return 'proxy host=backend_ip
> > > tls=no' it won't use a non-TLS connection. The same happens when I remove the
> > > 'tls=no' part. Might there be any extra things I need to pass when I use LDAP?
> > >
> > > On Mon, Sep 17, 2018 at 2:07 PM Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> > >
> > >>
> > >>
> > >> On 17.09.2018 13:59, Alexander Chekalin wrote:
> > >> > Hi,
> > >> >
> > >> > I try to set up dovecot as a proxy server, to proxy requests to
> > >> > several dovecot-based backend servers. I want external clients who
> > >> > connect to this proxy Dovecot to use TLS (this is easy to set up)
> > >> > while I want to have unsecured (plain IMAP/POP) connections to backends.
> > >> >
> > >> > You see, links to backends are over LAN so no TLS needed, and these
> > >> > backends are poor old machines (with old Dovecots like 2.0.6), this is
> > >> > why I don't want to use TLS to access backends.
> > >> >
> > >> > But as I did the test setup I can see proxy Dovecot uses TLS to
> > >> > connect to backends. Is there any way I can specify this aspect of
> > >> > Dovecot proxy?
> > >> >
> > >> > Please advise!
> > >> >
> > >> > Yours,
> > >> >   Alexander
> > >>
> > >> Dovecot does not use TLS/SSL when connecting to a backend server by
> > >> default, you are probably specifying this in your proxy config or
> > >> password database.
> > >>
> > >> Aki
> > >>
> > >
> > >
>
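
An added example, not part of this thread and not Dovecot project code: a small check over the "extra fields" section of `doveadm auth` output that flags the `ssl` and `starttls` keys by presence alone (following the reply above that `ssl=no` behaves like `ssl=yes`), TLS-looking keys under any other spelling, and repeated keys. The function names, finding codes and sample text are constructed for illustration.

```python
import re
from collections import Counter

# Field names taken from the reply in this thread: their presence, with any
# value, is described there as turning TLS on for the backend connection.
TLS_KEYS = {"ssl", "starttls"}

# Constructed sample modelled on the doveadm output quoted in the thread.
SAMPLE = """\
passdb: user@domain.com auth succeeded
extra fields:
  user=user@domain.com
  proxy
  host=10.10.14.131
  ssl=no
  startssl=no
  source_ip=10.10.14.2
  proxy
  proxy
  pass=password
"""

def parse_extra_fields(output):
    """Return [(key, value_or_None)] for the indented lines after 'extra fields:'."""
    fields, seen_header = [], False
    for line in output.splitlines():
        if line.strip() == "extra fields:":
            seen_header = True
        elif seen_header and line.startswith((" ", "\t")) and line.strip():
            key, sep, value = line.strip().partition("=")
            fields.append((key, value if sep else None))
        elif seen_header:
            break  # first non-indented or blank line ends the section
    return fields

def lint(fields):
    """Return sorted (finding_code, key) tuples; values are never reported."""
    findings = set()
    counts = Counter(key for key, _ in fields)
    for key, _ in fields:
        if key in TLS_KEYS:
            findings.add(("tls-enabled-by-presence", key))
        elif re.search(r"ssl|tls", key):
            findings.add(("unlisted-tls-like-key", key))
        if counts[key] > 1:
            findings.add(("duplicate", key))
    return sorted(findings)

if __name__ == "__main__":
    for code, key in lint(parse_extra_fields(SAMPLE)):
        print(f"{code}: {key}")
```
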