[Dovecot] dovecot proxy ssl-parameter from database?

Mon, 03 Sep 2012 06:33:28 -0700 

Hi List,
I want to migrate my IMAP-users from an old Courier-IMAP-Server to a new dovecot-Server. The old server supports IMAP without and with TLS. The new one only with TLS. 


To users should be migrated one by one with changing some client 
parameters. To leave the servername of the imap server I want to use the 
dovecot proxy during migration. the proxy uses a sql db to look for the 
old or new host for every user.



So far all works fine. My question is the TLS or noTLS connection from 
the client to the proxy. How can I make the ssl-parameter 
user-dependant? clients to the old courier server should work without or 
with tls through the proxy and clients to the new dovecot server should 
only work WITH TLS between Client and proxy. (After migration of all 
clients the proxy should be switched off an all clients connect directly 
to the dovecot server.)



I tried with http://wiki2.dovecot.org/UserDatabase/ExtraFields and 
returned a field "userdb_ssl" ("required" for host dovecot, "yes" for 
host courier). But it doesn't work. A migrated user can still login 
without tls to the proxy and the dovecot backend.


Any ideas?

Daniel

Here is my doveconf -n
# 2.1.9: /opt/dovecot/etc/dovecot/dovecot.conf

doveconf: Warning: service anvil { client_limit=1000 } is lower than 
required under max. load (1503)

# OS: Linux 2.6.32-279.2.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
auth_mechanisms = plain login
default_process_limit = 500
disable_plaintext_auth = no
listen = *
managesieve_notify_capability = mailto

managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave

passdb {
  args = /opt/dovecot/etc/dovecot/sql.conf
  driver = sql
}
protocols = imap pop3
service imap-login {
  inet_listener imaps {
    port = 0
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 0
  }
}
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/private/server.key
userdb {
  driver = prefetch
}
verbose_proctitle = yes



























					Reply via email to