Hello,

I have a question relating to the detail that the verbose_proctitle parameter 
enables for ps.

I have TLS configured for IMAP as follows:

    /etc/dovecot/dovecot.conf
        ssl = required
        ssl_cert = </path/to/cert.pem>
        ssl_key = </path/to/key.pem>

        protocols = imap lmtp

        service imap-login {
            # Disable insecure IMAP over TCP 143
            inet_listener imap {
                port=0
            }
        }

        . . . 

        verbose_proctitle = yes

If I have a single MUA connect (Apple Mail in this case), I see:

    $ ps aux | grep -i dovecot

        dovenull  5552  0.0  0.1  18820  5444 ?        S    18:53   0:00 dovecot/imap-login [1 connections (1 TLS)]
        vmail       5553  0.3  0.1  13612  4304 ?        S    18:53   0:00 dovecot/imap [u...@example.com 1.2.3.4 IDLE]

The first part makes sense to me - imap-login is showing the user being 
connected via imap-login and with TLS.
The second part, however, shows the IMAP session with the username, IP address 
and IMAP command (IDLE), but it does not state TLS.

Does this mean that I have logins for IMAP connections protected by TLS but the 
actual IMAP traffic (mail contents, etc.) is *NOT* configured to use TLS? That 
is to say, IMAP traffic is flowing over port 993 without TLS?

From the wiki [1] it appears to state that I only have to configure TLS 
settings for IMAP if the IMAP protocol is being secured via a *DIFFERENT* TLS 
certificate.

Is this correct?

Thanks, 

- J

Sources:

    [1] https://wiki2.dovecot.org/SSL/DovecotConfiguration
