The wiki <http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy> page says this: "The connections created to the destination server can't be TLS/SSL encrypted.".

Hrmm. Right now, with perdition, I'm forcing the use of STARTTLS on the internal connections. I'd just as soon get rid of perdition (to have one less moving part in my architecture), but I need the secure connections.

Is there a way to configure dovecot's internal proxy connections to use STARTTLS or some other SSL/TLS level of security? (Without a bunch more research, I don't know what the interaction is between the real client, the dovecot proxy, and the destination server.)

--
bill-dovecot at carpenter.ORG (WJCarpenter)
PGP 0x91865119 38 95 1B 69 C9 C6 3D 25 73 46 32 04 69 D6 ED F3

WJCarpenter wrote:
> The wiki <http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy>
> page says this: "The connections created to the destination server
> can't be TLS/SSL encrypted.".
>
> Hrmm. Right now, with perdition, I'm forcing the use of STARTTLS on
> the internal connections. I'd just as soon get rid of perdition (to
> have one less moving part in my architecture), but I need the secure
> connections.
>
> Is there a way to configure dovecot's internal proxy connections to
> use STARTTLS or some other SSL/TLS level of security? (Without a
> bunch more research, I don't know what the interaction is between the
> real client, the dovecot proxy, and the destination server.)
>

Just create an encrypted tunnel between the peers and send your traffic through it. IPSec, ssh, etc.

WJCarpenter wrote:
> The wiki <http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy>
> page says this: "The connections created to the destination server
> can't be TLS/SSL encrypted.".
>
> Hrmm. Right now, with perdition, I'm forcing the use of STARTTLS on
> the internal connections. I'd just as soon get rid of perdition (to
> have one less moving part in my architecture), but I need the secure
> connections.
>
> Is there a way to configure dovecot's internal proxy connections to
> use STARTTLS or some other SSL/TLS level of security? (Without a
> bunch more research, I don't know what the interaction is between the
> real client, the dovecot proxy, and the destination server.)

Per another current thread (o/s tuning for imap), I've installed imapproxy, and it supports starttls to the backend imap server. It doesn't use encryption on the incoming connections though, since they are presumably from localhost (squirrelmail).

Ken

--
Ken Anderson
Pacific.Net
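
Whichever approach from this thread is used for the proxy-to-backend hop (a proxy that speaks STARTTLS, or a tunnel), it helps to confirm what the backend offers before TLS is negotiated. The following is an added example, not part of the original thread or of any project mentioned in it; the function names, verdict labels and sample greetings are constructed for illustration.

```python
import imaplib
import re
import ssl


def caps_from_greeting(line):
    """Pull the capability list out of a greeting or CAPABILITY reply."""
    m = re.search(r"CAPABILITY\s+([^\]\r\n]+)", line, re.IGNORECASE)
    return m.group(1).split() if m else []


def assess(capabilities):
    """Classify a backend from the capabilities it sends before TLS."""
    caps = {c.upper() for c in capabilities}
    if "STARTTLS" not in caps:
        return "no-starttls"  # this hop needs a tunnel (IPsec, ssh, ...)
    if "LOGINDISABLED" not in caps:
        return "cleartext-login-allowed"  # STARTTLS offered, not enforced
    return "starttls-enforced"


def check_backend(host, port=143, cafile=None, timeout=10):
    """Live check: read capabilities, then upgrade with a verified cert."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain + hostname
    conn = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        verdict = assess(conn.capabilities)
        tls_version = None
        if verdict != "no-starttls":
            conn.starttls(ssl_context=ctx)  # raises if the cert does not verify
            tls_version = conn.sock.version()
        return verdict, tls_version
    finally:
        conn.shutdown()


# Constructed sample greetings, not captured from any real server.
SAMPLES = [
    "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready",
    "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready",
    "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(assess(caps_from_greeting(line)), "<-", line)
```

A `cleartext-login-allowed` verdict means a proxy that skips STARTTLS would still be able to send credentials in the clear on the internal network, so enforcement has to come from the backend configuration or from the tunnel.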