Re: Require certificate for external clients
Hi,

On 28.02.2015 at 00:28, Joseph Tam wrote:
> That should be qualified as "Is it possible to have Dovecot imap/pop
> daemons listening on multiple ports for a single running instance."

Yes, exactly.

> You can share libraries, binaries,
> log files, but use separate configuration files, specifying different
> ports/addresses/ssl-configs/auth/access parameters. Then you can fire
> them both up
>
> dovecot -c /dovecot/etc/dovecot-1.conf
> dovecot -c /dovecot/etc/dovecot-2.conf

I will have to look into it. I'm afraid that I would have to fiddle around with the default unit files. Also I'm not completely sure how this would work with all of the configuration files that have been split off into small chunks and get included at some point. This is probably going to be messy rather quickly :'(.

Thanks for your suggestion.

Best regards,
Karol Babioch
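A sketch of the two-instance setup suggested in the quoted reply, added here as an example and not taken from the thread or from the Dovecot project: each instance file pulls in the shared split-out configuration and then overrides only what differs. The `conf.d` and CA paths, the instance names, the `base_dir` values and the internal port 10993 are assumptions, and the setting names are those of Dovecot 2.x.

```conf
# ---- /dovecot/etc/dovecot-1.conf : local subnet, password login over TLS ----
# Shared, split-out settings (assumed path); ssl_cert/ssl_key are expected there.
!include /dovecot/etc/conf.d/*.conf
# Each instance needs its own runtime directory and name (assumed values).
instance_name = dovecot-internal
base_dir = /var/run/dovecot-internal
protocols = imap
# TLS is mandatory, but no client certificate is requested.
ssl = required
service imap-login {
  inet_listener imap {
    # port 0 disables the plaintext listener
    port = 0
  }
  inet_listener imaps {
    # Assumed internal-only port; limiting it to the local subnet
    # is left to the firewall and is not shown here.
    port = 10993
  }
}

# ---- /dovecot/etc/dovecot-2.conf : external clients, certificate required ----
!include /dovecot/etc/conf.d/*.conf
instance_name = dovecot-external
base_dir = /var/run/dovecot-external
protocols = imap
ssl = required
# CA that issued the client certificates (assumed path).
ssl_ca = </dovecot/etc/ssl/client-ca.pem
# Ask for a client certificate and verify it against ssl_ca ...
ssl_verify_client_cert = yes
# ... and fail authentication when no valid certificate was presented.
auth_ssl_require_client_cert = yes
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
  }
}
```

Running `doveconf -n -c` against each file prints the merged, non-default settings, which shows what the includes and overrides resolve to before either instance is started.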
Require certificate for external clients
Hi list,

I'm currently looking into ways of making use of client certificates. I want to force external clients (i.e. anything outside the local subnet) to use client certificates. It is my understanding that this in itself can be achieved with the "ssl_require_client_cert" setting.

However, I also want local clients (i.e. anything from a specific subnet) to be able to authenticate by the usual means (i.e. password-based).

As far as I know dovecot is not able to operate on multiple ports, as stated in the FAQ [1]. The redirect approach, which is also mentioned there, is of no help to me, because in my case I would need a different setup on both ports. Other suggestions [2] won't work in my case either.

I probably could get away with using "imaps" for external clients, while using "imap" (without SSL) for internal ones. Having said this, I don't quite like the idea, especially since the traffic might pass through some potentially unsecure networks and I don't want to bother with VPN/SSH tunnels for that purpose. A native SSL/TLS solution would be very much appreciated.

Is there a (recommended) way to do this?

Thanks in advance.

Best regards,
Karol Babioch

[1]: http://wiki.dovecot.org/QuestionsAndAnswers#Is_it_possible_to_have_Dovecot_imap.2BAC8-pop_daemons_listening_on_multiple_ports.3F
[2]: http://www.dovecot.org/list/dovecot/2010-November/054804.html
[Dovecot] ManageSieve with SSL/TLS only
Hi,

I'm quite new to Dovecot and ManageSieve, so probably I've missed something, although I couldn't find any hints in the wiki.

I'm interested in running ManageSieve with SSL/TLS only. So is there any way to reject any non-encrypted connections? I couldn't find any parameter for this purpose.

I'm currently using dovecot 1.2.15 provided with Debian Squeeze, but I couldn't find any parameter in the 2.0 branch either.

Best regards,
Karol Babioch