Hi

I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is
configured to act as director and delivers to my two backend servers.
I enabled lmtp proxy on director to listen on port 24.

Now I see in msg headers that the connection to the lmtp proxy uses
STARTTLS but the connection from proxy to backend seems to be
unencrypted. Is it possible to enforce the use of STARTTLS in the
connection from the director to the backend as well?

Regards

tobi

Not according to dovecot doco ... from
https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy

*NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any
ssl/starttls extra field is ignored*

rgds

Matt

> Tobi <mailto:tobisworld at gmail.com>
> 23 November 2017 at 6:31 pm
> Hi
>
> I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is
> configured to act as director and delivers to my two backend servers.
> I enabled lmtp proxy on director to listen on port 24.
>
> Now I see in msg headers that the connection to the lmtp proxy uses
> STARTTLS but the connection from proxy to backend seems to be
> unencrypted. Is it possible to enforce the use of STARTTLS in the
> connection from the director to the backend as well?
>
> Regards
>
> tobi

NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any
ssl/starttls extra field is ignored

https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy

On 23 November 2017 09:31:41 CET, Tobi <tobisworld at gmail.com> wrote:
>Hi
>
>I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is
>configured to act as director and delivers to my two backend servers.
>I enabled lmtp proxy on director to listen on port 24.
>
>Now I see in msg headers that the connection to the lmtp proxy uses
>STARTTLS but the connection from proxy to backend seems to be
>unencrypted. Is it possible to enforce the use of STARTTLS in the
>connection from the director to the backend as well?
>
>Regards
>
>tobi

Hi

Thanks for the link. Read that page before but somehow missed the
comment about ssl+lmtp proxy :-)
Are there any plans to implement that in dovecot in the future?

Regards

tobi

On 23.11.2017 at 18:38, Carsten Rosenberg wrote:
> NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any
> ssl/starttls extra field is ignored
>
> https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
>
> On 23 November 2017 09:31:41 CET, Tobi <tobisworld at gmail.com> wrote:
>> Hi
>>
>> I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is
>> configured to act as director and delivers to my two backend servers.
>> I enabled lmtp proxy on director to listen on port 24.
>>
>> Now I see in msg headers that the connection to the lmtp proxy uses
>> STARTTLS but the connection from proxy to backend seems to be
>> unencrypted. Is it possible to enforce the use of STARTTLS in the
>> connection from the director to the backend as well?
>>
>> Regards
>>
>> tobi