On 4.2.2020 13.46, Heiko Schlittermann wrote:
> Hi, I'm resending this message, still hoping for an answer.
>
> Hello,
>
> does dovecot support tls-on-connect for AF INET based auth-client
> sockets?
>
> Rationale behind my question:
>
> Exim can use the Dovecot auth-client socket to delegate the
> SMTP-AUTH authentication to Dovecot.
>
> Currently Exim supports the AF UNIX only for this socket. Jeremy makes
> progress in extending this to use AF INET sockets too.
>
> While it works with clear text communication already, during testing I
> was to setup the auch-client socket as an TLS server (tls-on-connect).
> It doesn't seem to work as I'd expect. The socket still offers
> clear-text only.
>
> Here my configuration snippets regarding this socket
>
> ssl = yes
> ssl_cert = </etc/dovecot/private/server.pem
> ssl_key = </etc/dovecot/private/server.pem
>
> service auth {
> …
> unix_listener auth-client {
> group = _exim
> mode = 0660
> }
> inet_listener auth-client {
> name = exim
> port = 4711
> ssl = yes
> }
> }
>
> SSL connections to :993 work as expected.
>
> Best regards from Dresden/Germany
> Viele Grüße aus Dresden
> Heiko Schlittermann
Hi!
This is not (yet) implemented. You can probably workaround with haproxy
/ stunnel for now.
Aki
