Ok, got that! After I removed ssl=no it seems to start working as expected. Will know that 'by design' feature for Dovecot, THANK YOU!

On Mon, Sep 17, 2018 at 5:34 PM Aki Tuomi <aki.tu...@dovecot.fi> wrote:

> auth process receives the protocol requested when performing
> authentication as variable %s (see https://wiki2.dovecot.org/Variables)
>
> You can use this to choose the value you return for port.
>
> Aki
>
> > On 17 September 2018 at 16:56 Alexander Chekalin <alexander.cheka...@gmail.com> wrote:
> >
> > Seen that URL but port= is strange due to there is no protocol connection.
> > So if I set port=12345 then what proto will I see there? Misleading setting
> > this is why I mentioned (non-existing) per-proto port setting above.
> >
> > May I please ask for any example on how to pass port per proto? It is a bit
> > fuzzy for me to figure it out but I do believe you used to use it somehow.
> >
> > On Mon, Sep 17, 2018 at 4:42 PM Aki Tuomi <aki.tu...@dovecot.fi> wrote:
> >
> > > The port is determined with port=nnn setting. You can't return
> > > per-protocol port like that, you need to look at the protocol requested by
> > > user and return port based on that, or you can omit port to default into
> > > "standard port".
> > >
> > > not using ssl/starttls is default.
> > >
> > > > On 17 September 2018 at 16:35 Alexander Chekalin <alexander.cheka...@gmail.com> wrote:
> > > >
> > > > Thank you!
> > > >
> > > > Ok, so I can omit ssl=no and startssl=no, and this results in default
> > > > settings for ssl which is 'off'? Or the defaults are 'on' anyway?
> > > >
> > > > Can I somehow specify ports on remote hosts that proxy will use to connect
> > > > to? Like (just imagine): 'proxy host_imap=10.1.1.1:143 host_pop=10.1.1.1:110'
> > > > or somehow?
> > > >
> > > > On Mon, Sep 17, 2018 at 4:33 PM Aki Tuomi <aki.tu...@dovecot.fi> wrote:
> > > >
> > > > > Due to certain design issues, the ssl=no is actually same as ssl=yes, same
> > > > > goes for starttls=no. So there is no support actually for "ssl=no" at this
> > > > > moment.
> > > > >
> > > > > Aki
> > > > >
> > > > > > On 17 September 2018 at 15:32 Alexander Chekalin <alexander.cheka...@gmail.com> wrote:
> > > > > >
> > > > > > Surely.
> > > > > >
> > > > > > Here it is:
> > > > > >
> > > > > > # doveadm auth u...@domain.com
> > > > > > Password:
> > > > > > passdb: chekalin_...@ascon.ru auth succeeded
> > > > > > extra fields:
> > > > > > user=u...@domain.com
> > > > > > proxy
> > > > > > host=10.10.14.131
> > > > > > ssl=no
> > > > > > startssl=no
> > > > > > source_ip=10.10.14.2
> > > > > > proxy
> > > > > > proxy
> > > > > > pass=password
> > > > > >
> > > > > > Two "proxy" are from two "proxy" and "proxy=yes" settings passed from
> > > > > > passdb.
> > > > > >
> > > > > > On Mon, Sep 17, 2018 at 3:03 PM Aki Tuomi <aki.tu...@dovecot.fi> wrote:
> > > > > >
> > > > > > > Can you provide output of
> > > > > > >
> > > > > > > doveadm auth test some-user
> > > > > > > Aki
> > > > > > >
> > > > > > > On 17.09.2018 14:58, Alexander Chekalin wrote:
> > > > > > >
> > > > > > > Dear Aki,
> > > > > > >
> > > > > > > we keep our users in LDAP so even when I return 'proxy host=backend_ip
> > > > > > > tls=no' it won't use non-TLS connection. The same is when I remove 'tls=no'
> > > > > > > part. May there be any extra things I need to pass when I use LDAP?
> > > > > > >
> > > > > > > On Mon, Sep 17, 2018 at 2:07 PM Aki Tuomi <aki.tu...@dovecot.fi> wrote:
> > > > > > >
> > > > > > >> On 17.09.2018 13:59, Alexander Chekalin wrote:
> > > > > > >> > Hi,
> > > > > > >> >
> > > > > > >> > I try to set up dovecot as a proxy server, to proxy requests to
> > > > > > >> > several dovecot-based backend servers. I want external clients who
> > > > > > >> > connect to this proxy Dovecot to use TLS (this is easy to set up)
> > > > > > >> > while I want to have unsecured (plain IMAP/POP) connections to backends.
> > > > > > >> >
> > > > > > >> > You see, links to backends are over LAN so no TLS needed, and these
> > > > > > >> > backends are poor old machines (with old Dovecots like 2.0.6) this is
> > > > > > >> > why I don't want to use TLS to access backends.
> > > > > > >> >
> > > > > > >> > But as I did the test setup I can see proxy Dovecot uses TLS to
> > > > > > >> > connect to backends. Is there any way I can specify this aspect of
> > > > > > >> > Dovecot proxy?
> > > > > > >> >
> > > > > > >> > Please advise!
> > > > > > >> >
> > > > > > >> > Yours,
> > > > > > >> > Alexander
> > > > > > >>
> > > > > > >> Dovecot does not use TLS/SSL when connecting to a backend server by
> > > > > > >> default, you are probably specifying this in your proxy config or
> > > > > > >> password database.
> > > > > > >>
> > > > > > >> Aki
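
The check this thread arrives at, as an added example (not code from the thread or from Dovecot): parse the "extra fields:" block of `doveadm auth` output and report fields that, per the thread, put TLS on the backend leg even when set to "no", plus fields the passdb returns more than once. The function names and the sample output are assumptions constructed for illustration.

```python
"""Lint proxy extra fields taken from `doveadm auth` output (added example)."""

# The thread states that ssl=no and starttls=no behave like the enabled
# setting in the Dovecot version discussed, so a "no" value is a finding.
TLS_KEYS = ("ssl", "starttls")

# Constructed sample, shaped like the output quoted in the thread.
SAMPLE = """\
passdb: user@example.test auth succeeded
extra fields:
  user=user@example.test
  proxy
  host=192.0.2.10
  ssl=no
  starttls=no
  proxy
"""


def parse_extra_fields(output):
    """Return [(key, value_or_None)] for the lines after 'extra fields:'."""
    fields, in_block = [], False
    for line in output.splitlines():
        line = line.strip()
        if line == "extra fields:":
            in_block = True
        elif in_block and line:
            key, sep, value = line.partition("=")
            fields.append((key, value if sep else None))
    return fields


def lint(fields):
    """Return findings for fields that change the backend leg unexpectedly."""
    findings, seen = [], set()
    for key, value in fields:
        if key in TLS_KEYS and value is not None and value.lower() == "no":
            findings.append(f"{key}={value}: treated as enabled; "
                            "omit the field for a plaintext backend leg")
        if key in seen:
            findings.append(f"{key}: returned more than once by passdb")
        seen.add(key)
    return findings


if __name__ == "__main__":
    for finding in lint(parse_extra_fields(SAMPLE)):
        print(finding)
```
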