similar to: securing dovecot proxy connections

Before I spend some time experimenting with what might be impossible, maybe someone can just tell me (either "how" or that it's impossible). I'd like to get perdition out of my environment (mainly to have one less moving part in my architecture). I'm looking at dovecot's built-in proxying. In my setup, I don't have dedicated front-end machines. A user can connect

In the course of experimenting with getting dovecot proxying to work, I took a guess at two things. These work fine for me, but now I'm wondering if they are "as designed" or just a lucky accident that might stop working in the future. (I'm using dovecot 1.0.rc17, which is the included version in Ubuntu Feisty. (I am aware that some details change in v1.1, and I'm not

Hi all, I have some IMAP servers fronted with separate perdition processes, and it would be ideal if I could collapse this down to having dovecot do both the IMAP proxying and the IMAP serving at the same time on the same IP addresses. One of the fields in my LDAP entries contains the canonical name of the server that hosts their mailbox, and if I follow the manual at

Hi, I have been reading the acl documentation and it seems that a "connect acl" is not available. I need to limit the users that can login in an IP number, is that posible with dovecot 1.0? (i.e. only these users can login from the Internet) Or a new plugin should be written? It is complicated to do that? Thanks Oliver -- Oliver Schulze L. | http://tinymailto.com/oliver Asuncion

Hi I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is configured to act as director and delivers to my two backend servers. I enabled lmtp proxy on director to listen on port 24. Now I see in msg headers that the connection to the lmtp proxy uses STARTTLS but the connection from proxy to backend seems to be unencrypted. Is it possible to enforce the use of STARTTLS in the

Hi, when proxying lmtp from director to backend, director does not use STARTTLS. Delivering mails with postfix via lmtps to backend or director works encrypted. Is there a way to force the use of STARTTLS on dovecot director lmtp proxy? Regards, Matthias -- BOFH excuse #446: Mailer-daemon is busy burning your message in hell. (hbox storage?)

I am doing some research on Dovecots IMAP-Proxy features mentioned in <http://wiki.dovecot.org/HowTo/ImapProxy> and <http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy>. The docs only mention SQL as backend to hold required data. Is it also possible to use LDAP? TIA, p at rick -- state of mind Agentur f?r Kommunikation, Design und Softwareentwicklung Patrick Koetter

Hi, I have two load-balanced dovecot servers using a single NFS mount. The version is 1.2.11. I chose this so that if one server goes down the other will take up the load, and if my load is too much for one server I just have to add more identical servers. It works, but I wish to move to SAN storage because the NFS server is exhibiting irregular performance. (I spent a lot of time with tcpdump to

NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any ssl/starttls extra field is ignored https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy Am 23. November 2017 09:31:41 MEZ schrieb Tobi <tobisworld at gmail.com>: >Hi > >I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is >configured to act as director and delivers to my two backend

Hi everyone! I have dovecot (1.2.11) on one our external mail servers acting as a proxy. The client (ifor now, my iphone) connects fine via ssl to the external mailserver but I can't seem to get a secure connection now to the internal destination imap server (between external mail server and internal imap server, it's going through port 143). Running tcpdump, I can clearly see my

I'm a database noob, and it really seems like it would be overkill for my setup: I just want to proxy all connections from my DMZ to my internal mail server -- same internal server for all users. I used to use perdition for this set up, but am having issues getting it to play nicely with my new servers. Can I bypass all of the SQL stuff and just have dovecot forward all POP/IMAP

Dave McGuire writes: >> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets >> >> then setup fail2ban to manage extrafields > > Now that's a very interesting idea, thank you! I will investigate this. If you don't expect yor firewall to handle 45K+ IPs, I'm not how you expect dovecot will handle a comma separated string with 45K+ entries any

Hello, I've been running dovecot for over 3 years now and it works with no problems. I have it setup so that it authenticates users against Active Directory via LDAP and so far no problems. What I would like to know is if there is any way that I could deny access for users trying to access email via cellphones or email clients outside the company. I can

Hi, Trying to keep abusive/buggy IMAP clients at bay on a number of Dovecot proxy servers, I've reconfigured them to use "mail_max_userip_connections = 50" in the "protocol imap" section, followed by restarting Dovecot. Yet, I'm still seeing 160+ established connections from a single IP address for the same email account. Am I missing anything? # 2.2.27

Is there any way to pass things like "quota=" for the quota plugin to the deliver LDA via the command line or as an environment variable or whatever? I've got all the info I need in my MTA to avoid a userdb lookup in the LDA, but I still have to do the userdb query to get the per-user quota number (the default quota works fine, of course). -- bill-dovecot at carpenter.ORG

The wiki <http://wiki.dovecot.org/Iptables> leads me to believe that the only way to configure dovecot to listen for the same protocol on multiple ports is via external redirection (iptables or similar). Is that so, or can dovecot be directly configured to listen on multiple ports? Here's a concrete example of what I'm trying to accomplish. Our environment uses plaintext

Hi, mail_max_userip_connections is only enforced at the backend level. The setting has no effect on proxy. If you want to force the limit then you can only do it in the backend. Sami > On 9 Mar 2017, at 12.05, Adi Pircalabu <adi at ddns.com.au> wrote: > > Quick follow-up: updated the proxies to 2.2.28, but I still couldn't find a way to limit the inbound IMAP connections per

Hi, I thought I read that anything from dovecot.conf can be overridden in a userdb lookup. Or a passdb lookup with "userdb_" prefix. But I tried for fun change log_path but it never worked. Is that because logging is special, already started logging before it comes to the passdb/userdb lookups? So are there some dovecot.conf settings that cannot be overridden? Thanks!

On 15 May 2018, at 12.06, Timo Sirainen <tss at iki.fi> wrote: > > If you look at .176's error log, do you see an error about "director_consistent_hashing settings differ between directors"? Have you set director_consistent_hashing=yes in the old directors? That is needed now, because the old non-consistent-hashing method is obsoleted. Unfortunately there's no easy

Abstract from http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > host=s: The destination server's *IP address*. This field is required. > Note that currently it's required to use an IP address since no DNS > resolving is done. > Hello Timo, Here goes one more item for the v2.0 wishlist: Will it become possible to do dovecot imap proxying based on a