Hello again,

I did a lot of trial and error already, but I can't seem to find a way to encrypt my dovecot director to dovecot mailbox traffic.
Is there a way to configure dovecot director to only use ssl/tls encrypted connections for specific tagged mailbox clusters? (or all clusters, in fact does not matter if it could be restricted to tags)
Looks like there is also no documentation available for this sort of configuration.

I tried setting my mailbox nodes to "ssl = require" but after doing so I can't login through director proxy anymore.
It always looks like ssl/tls termination is finally done on director side.

Anyone tried this already or has a running setup doing encryption from let's say frontend to backend?

Thanks, greetings
Patrick

On 5/28/2020 at 6:08 PM, patosec wrote:
> Hello again,
>
> I did a lot of trial and error already, but I can't seem to find a way
> to encrypt my dovecot director to dovecot mailbox traffic.
> Is there a way to configure dovecot director to only use ssl/tls
> encrypted connections for specific tagged mailbox clusters? (or all
> clusters, in fact does not matter if it could be restricted to tags)
> Looks like there is also no documentation available for this sort of
> configuration.
>
> I tried setting my mailbox nodes to "ssl = require" but after doing
> so I can't login through director proxy anymore.
> It always looks like ssl/tls termination is finally done on director
> side.
>
> Anyone tried this already or has a running setup doing encryption from
> let's say frontend to backend?
>
> Thanks, greetings
> Patrick
>

Never mind, sorry for that spam. I found the solution, it's well documented:
https://wiki1.dovecot.org/PasswordDatabase/ExtraFields/Proxy

On 28/05/2020 19:08 patosec <patosec@freedaten.at> wrote:
> Hello again,
>
> I did a lot of trial and error already, but I can't seem to find a way
> to encrypt my dovecot director to dovecot mailbox traffic.
> Is there a way to configure dovecot director to only use ssl/tls
> encrypted connections for specific tagged mailbox clusters? (or all
> clusters, in fact does not matter if it could be restricted to tags)
> Looks like there is also no documentation available for this sort of
> configuration.
>
> I tried setting my mailbox nodes to "ssl = require" but after doing so
> I can't login through director proxy anymore.
> It always looks like ssl/tls termination is finally done on director side.
>
> Anyone tried this already or has a running setup doing encryption from
> let's say frontend to backend?
>
> Thanks, greetings
> Patrick

Add to your director passdb attributes, ssl=any-cert or starttls=any-cert. See https://doc.dovecot.org/configuration_manual/authentication/proxies/

--- Aki Tuomi
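
A configuration sketch of the answer above, added here as an example and not taken from the thread or from either poster's setup. It shows the `any-cert` variant beside a certificate-verifying one. The static passdb layout, the file paths and the CA file are assumptions.

```conf
# ---- Director (proxy) node ----------------------------------------------
# Variant A (as suggested in the thread): the director-to-backend hop is
# encrypted, but ANY backend certificate is accepted. This stops passive
# sniffing on the internal network; it does not detect an impersonated
# backend.
#
# passdb {
#   driver = static
#   args = proxy=y nopassword=y starttls=any-cert
# }

# Variant B: same hop, but the backend certificate must validate against
# a CA the director trusts. The certificate has to match the host the
# proxy connects to.
ssl_client_ca_file = /etc/dovecot/backend-ca.pem   # placeholder path

passdb {
  driver = static
  # proxy=y       hand the session to the backend picked by the director
  # nopassword=y  the director does not check the password itself
  # starttls=yes  issue STARTTLS on the normal port and verify the cert
  args = proxy=y nopassword=y starttls=yes
}

# ssl=yes / ssl=any-cert are the implicit-TLS equivalents: the handshake
# starts immediately on connect, so the proxied connection must go to a
# backend port that speaks TLS from the first byte.

# ---- Backend (mailbox) node ---------------------------------------------
# Refuse sessions that have not negotiated TLS.
ssl = required
ssl_cert = </etc/dovecot/backend.pem   # placeholder path
ssl_key  = </etc/dovecot/backend.key   # placeholder path
```

After a test login through the director, the backend's login log line should report the session as TLS; if logins fail only with Variant B, the CA file or the certificate name is the first thing to check.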