Dovecot is installed but actually I just use auth module (for postfix
authentication).
In your dovecot.conf example, I don't see the "proxy" command ?
Could you give me a few more details on the "proxy" command usage
(ExtraFields/Proxy is not clear for me)?
Regards
-----Message d'origine-----
From: David Jonas
Sent: Thursday, May 03, 2012 8:04 PM
To: Gilles Albusac
Subject: Re: [Dovecot] Dovecot for POP3S proxying
On Thu May 3 05:14:40 2012, Gilles Albusac wrote:> Dovecot is already installed in my architecture and I just would like
> to know how to configure Dovecot for POP3S proxying with authentication.
>
> For security reasons I prefer to install as little as possible binary
> (see vulnerability 2011 - remote exploit - STUNNEL).
If you already have dovecot running in proxy mode it's easy to add
pop3s. If not, see
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
See http://wiki2.dovecot.org/Services search the page for pop3s. A
simple example:
ssl = yes
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/dovecot.pem
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
Of course there is a lot more SSL tuning that can be done:
http://wiki2.dovecot.org/SSL/DovecotConfiguration
> -----Message d'origine----- From: David Jonas
> Sent: Wednesday, May 02, 2012 10:29 PM
> To: Gilles Albusac
> Cc: dovecot at dovecot.org
> Subject: Re: [Dovecot] Dovecot for POP3S proxying
>
> On Wed May 2 06:41:00 2012, Gilles Albusac wrote:
>> I would like to configure Dovecot for POP3S proxying all users from
>> the Internet to the internal Exchange Mail Server.
>
> Unless I'm missing something with your request, you don't need
dovecot.
> Any ssl proxy can do that for you, such as stunnel
> (http://www.stunnel.org/). We use the hardware ssl termination on our
> load balancers for pop3s, imaps, and smtps.