Dovecot LMTP Proxy + STARTTLS?

Dovecot LMTP Proxy + STARTTLS?

Tobi-2
Hi

I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is
configured to act as director and delivers to my two backend servers.
I enabled lmtp proxy on director to listen on port 24.

Now I see in msg headers that the connection to the lmtp proxy uses
STARTTLS but the connection from proxy to backend seems to be
unencrypted. Is it possible to enforce the use of STARTTLS in the
connection from the director to the backend as well?

Regards

tobi
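A way to run the check described in the post above over a delivered message, as an added example that is not part of the original thread or of Dovecot: it walks the `Received` headers and lists the hops recorded without TLS. It assumes each receiving server marks TLS either with an RFC 3848 keyword (`ESMTPS`, `LMTPS`) or with a `(using TLS...)` comment; the sample message and all host names are constructed, and only headers written by your own servers can be trusted.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the hop was received over TLS.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample (hosts, addresses and ids are made up); newest hop first.
SAMPLE = (
    "Received: from director.example.test ([192.0.2.10])\n"
    "\tby backend1.example.test with LMTP id AAAA; Thu, 23 Nov 2017 09:00:03 +0100\n"
    "Received: from mx.example.test ([192.0.2.5])\n"
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    "\tby director.example.test with LMTP id BBBB; Thu, 23 Nov 2017 09:00:02 +0100\n"
    "Received: from client.example.test ([198.51.100.7])\n"
    "\tby mx.example.test with ESMTPS id CCCC; Thu, 23 Nov 2017 09:00:01 +0100\n"
    "Subject: test\n\nbody\n"
)

def strip_comments(text):
    """Remove RFC 5322 (comments), including nested ones."""
    prev = None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text

def clause(bare, keyword):
    """Value following 'from', 'by' or 'with' in a comment-free header."""
    m = re.search(r"\b%s\s+([^\s;]+)" % keyword, bare)
    return m.group(1) if m else "?"

def hops(raw_message):
    """One dict per Received header, oldest hop first."""
    result = []
    for value in reversed(message_from_string(raw_message).get_all("Received", [])):
        flat = " ".join(value.split())   # unfold continuation lines
        bare = strip_comments(flat)      # keeps "with cipher" out of the protocol match
        proto = clause(bare, "with").upper()
        tls = proto in TLS_KEYWORDS or bool(re.search(r"\(using TLS", flat, re.I))
        result.append({"from": clause(bare, "from"), "by": clause(bare, "by"),
                       "proto": proto, "tls": tls})
    return result

def plaintext_hops(raw_message):
    """(from, by) pairs for hops whose Received header shows no TLS."""
    return [(h["from"], h["by"]) for h in hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for hop in hops(SAMPLE):
        print(hop)
```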

Re: Dovecot LMTP Proxy + STARTTLS?

Matt Bryant-3
Not according to dovecot doco ... from
https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy

*NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any
ssl/starttls extra field is ignored*

rgds

Matt


> Tobi <mailto:[hidden email]>
> 23 November 2017 at 6:31 pm
> Hi
>
> I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is
> configured to act as director and delivers to my two backend servers.
> I enabled lmtp proxy on director to listen on port 24.
>
> Now I see in msg headers that the connection to the lmtp proxy uses
> STARTTLS but the connection from proxy to backend seems to be
> unencrypted. Is it possible to enforce the use of STARTTLS in the
> connection from the director to the backend as well?
>
> Regards
>
> tobi


[SPAMMY]Re: Dovecot LMTP Proxy + STARTTLS?

Carsten Rosenberg
In reply to this post by Tobi-2
NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any ssl/starttls extra field is ignored

https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy

On 23 November 2017 09:31:41 CET, Tobi <[hidden email]> wrote:

>Hi
>
>I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is
>configured to act as director and delivers to my two backend servers.
>I enabled lmtp proxy on director to listen on port 24.
>
>Now I see in msg headers that the connection to the lmtp proxy uses
>STARTTLS but the connection from proxy to backend seems to be
>unencrypted. Is it possible to enforce the use of STARTTLS in the
>connection from the director to the backend as well?
>
>Regards
>
>tobi

Re: [SPAMMY]Re: Dovecot LMTP Proxy + STARTTLS?

Tobi-2
Hi

thanks for the link. Read that page before but somehow missed the
comment about ssl+lmtp proxy :-)

Are there any plans to implement that to dovecot in future?

Regards

tobi

On 23.11.2017 at 18:38, Carsten Rosenberg wrote:

> NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any ssl/starttls extra field is ignored
>
> https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
>
> On 23 November 2017 09:31:41 CET, Tobi <[hidden email]> wrote:
>> Hi
>>
>> I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is
>> configured to act as director and delivers to my two backend servers.
>> I enabled lmtp proxy on director to listen on port 24.
>>
>> Now I see in msg headers that the connection to the lmtp proxy uses
>> STARTTLS but the connection from proxy to backend seems to be
>> unencrypted. Is it possible to enforce the use of STARTTLS in the
>> connection from the director to the backend as well?
>>
>> Regards
>>
>> tobi

Re: [SPAMMY]Re: Dovecot LMTP Proxy + STARTTLS?

Stephan Bosch-2
On 11/23/2017 at 8:44 PM, [hidden email] wrote:
> Hi
>
> thanks for the link. Read that page before but somehow missed the
> comment about ssl+lmtp proxy :-)
>
> Are there any plans to implement that to dovecot in future?

Shouldn't be a problem for v2.3.

Regards,

Stephan.

> Regards
>
> tobi
>
> On 23.11.2017 at 18:38, Carsten Rosenberg wrote:
>> NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any ssl/starttls extra field is ignored
>>
>> https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
>>
>> On 23 November 2017 09:31:41 CET, Tobi <[hidden email]> wrote:
>>> Hi
>>>
>>> I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is
>>> configured to act as director and delivers to my two backend servers.
>>> I enabled lmtp proxy on director to listen on port 24.
>>>
>>> Now I see in msg headers that the connection to the lmtp proxy uses
>>> STARTTLS but the connection from proxy to backend seems to be
>>> unencrypted. Is it possible to enforce the use of STARTTLS in the
>>> connection from the director to the backend as well?
>>>
>>> Regards
>>>
>>> tobi