I'm trying to run the Dovecot Authentication Protocol (port 12345) [1]
via SSL. Here is my non-SSL config:

service auth {
  inet_listener {
    port = 12345
    haproxy = yes
  }
}

Adding ssl=yes to the inner block doesn't seem to change anything; I
can't connect via "openssl s_client -connect", for example. I do use SSL
for IMAPS, so I know my general SSL configuration is fine and I've got a
valid LetsEncrypt cert.
Also, Postfix doesn't appear to offer any configuration in terms of
running this protocol via SSL.
Question: Does it even matter? I'm about to run this protocol over
untrusted networks. Is it perhaps designed to handle this situation?
I'm using SASL plain authentication. I'm obviously concerned about
leaking passwords, but also about leaking usernames and activity logs in
general.
[1] https://doc.dovecot.org/3.0/developer_manual/design/auth_protocol/
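
What a single SASL PLAIN request on this listener carries when it is reached without TLS, as an added example that is not part of the original post. It assumes the tab-separated AUTH line layout from the auth protocol documentation linked as [1] and the PLAIN message format from RFC 4616; the user, password and address in the sample line are constructed.

```python
import base64

def parse_auth_line(line):
    """Split one tab-separated client AUTH request into id, mechanism, params."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) < 3 or fields[0] != "AUTH":
        raise ValueError("not an AUTH request")
    params = {}
    for field in fields[3:]:
        # Split on the first '=' only: base64 padding in resp= also uses '='.
        key, sep, value = field.partition("=")
        params[key] = value if sep else True  # bare flags such as "secured"
    return {"id": fields[1], "mechanism": fields[2], "params": params}

def decode_plain(resp_b64):
    """RFC 4616 PLAIN message: [authzid] NUL authcid NUL passwd, base64-encoded."""
    parts = base64.b64decode(resp_b64, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("malformed PLAIN response")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return {"authzid": authzid, "authcid": authcid, "passwd": passwd}

def exposed_fields(line):
    """Return everything readable from one AUTH line sent without TLS."""
    req = parse_auth_line(line)
    exposed = {"mechanism": req["mechanism"]}
    for key in ("service", "lip", "rip"):
        if key in req["params"]:
            exposed[key] = req["params"][key]
    resp = req["params"].get("resp")
    if req["mechanism"].upper() == "PLAIN" and isinstance(resp, str):
        # base64 is an encoding, not encryption: the fields decode directly.
        exposed.update(decode_plain(resp))
    return exposed

# Constructed sample: hypothetical user, password and client address.
_RESP = base64.b64encode(b"\0alice@example.test\0constructed-secret").decode()
SAMPLE_LINE = "AUTH\t1\tPLAIN\tservice=smtp\trip=192.0.2.10\tresp=" + _RESP + "\n"

if __name__ == "__main__":
    for name, value in exposed_fields(SAMPLE_LINE).items():
        print(f"{name}: {value!r}")
```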