[pfx] Re: Connect Postfix to Dovecot SASL with TLS?
Dnia 3.11.2023 o godz. 08:00:43 Wietse Venema via Postfix-users pisze: > Nick Lockheart via Postfix-users: > > What are the Postfix settings for TLS between Postfix and Dovecot SASL? > > This is not documented, therefore not implemented. What is your > threat model: am attacker has privileged access to a system on the > path between Postfix and Dovecot? I would expect that reasonable > deployments have Postfix and Dovecot in close proximity. If you want to secure Postfix-Dovecot connection using TLS, do it outside of Postfix and Dovecot - use stunnel for this. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Connect Postfix to Dovecot SASL with TLS?
Nick Lockheart via Postfix-users: > > If I have Postfix configured to use Dovecot SASL via TCP, and Dovecot > is running on a remote server, can I set up Postfix to use TLS for its > connection to Dovecot SASL? > > Postfix main.cf: > > smtpd_sasl_path = inet:dovecot.example.com:12345 > smtpd_sasl_type = dovecot > > > Dovecot: > > service auth { > inet_listener { >address = * :: >port = 12345 >ssl=yes > } > } > > What are the Postfix settings for TLS between Postfix and Dovecot SASL? This is not documented, therefore not implemented. What is your threat model: am attacker has privileged access to a system on the path between Postfix and Dovecot? I would expect that reasonable deployments have Postfix and Dovecot in close proximity. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org