[pfx] Re: Connect Postfix to Dovecot SASL with TLS?

2023-11-03 Thread Jaroslaw Rafa via Postfix-users
On 3.11.2023 at 08:00:43, Wietse Venema via Postfix-users wrote:
> Nick Lockheart via Postfix-users:
> > What are the Postfix settings for TLS between Postfix and Dovecot SASL?
> 
> This is not documented, therefore not implemented. What is your
> threat model: an attacker has privileged access to a system on the
> path between Postfix and Dovecot? I would expect that reasonable
> deployments have Postfix and Dovecot in close proximity.

If you want to secure Postfix-Dovecot connection using TLS, do it outside of
Postfix and Dovecot - use stunnel for this.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
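
Added example, not part of the original thread: one way to set up the stunnel approach suggested in the reply above, with a stunnel client on the Postfix host and a stunnel server in front of Dovecot's auth listener. The hostname and port 12345 come from the question; the file paths, the CA file, the loopback port 12346 and the use of client certificates are assumptions.

```ini
; ===== Postfix host: stunnel client (file path is an assumption) =====
; /etc/stunnel/dovecot-auth-client.conf
[dovecot-auth]
client = yes
; Postfix talks plaintext to this loopback socket only.
accept = 127.0.0.1:12345
connect = dovecot.example.com:12345
; Reject the server unless its certificate chains to the internal CA
; and is issued for the host name we intended to reach.
verifyChain = yes
CAfile = /etc/stunnel/internal-ca.pem
checkHost = dovecot.example.com
; Client certificate presented to the Dovecot-side stunnel (assumption).
cert = /etc/stunnel/postfix-client.pem
key = /etc/stunnel/postfix-client.key

; Matching Postfix main.cf settings on this host:
;   smtpd_sasl_type = dovecot
;   smtpd_sasl_path = inet:127.0.0.1:12345

; ===== Dovecot host: stunnel server (file path is an assumption) =====
; /etc/stunnel/dovecot-auth-server.conf
[dovecot-auth]
; TLS endpoint reachable from the Postfix host.
accept = 12345
; Forward decrypted traffic to a loopback-only Dovecot auth listener.
connect = 127.0.0.1:12346
cert = /etc/stunnel/dovecot-server.pem
key = /etc/stunnel/dovecot-server.key
; Require a client certificate issued by the internal CA, so only hosts
; holding one can reach the auth service through this port.
verifyChain = yes
CAfile = /etc/stunnel/internal-ca.pem

; Matching Dovecot listener on this host (plaintext, loopback only):
;   service auth {
;     inet_listener {
;       address = 127.0.0.1
;       port = 12346
;     }
;   }
```

With this layout neither Postfix nor Dovecot needs TLS settings for the SASL socket; a firewall rule limiting port 12345 to the Postfix host's address complements the certificate check.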


[pfx] Re: Connect Postfix to Dovecot SASL with TLS?

2023-11-03 Thread Wietse Venema via Postfix-users
Nick Lockheart via Postfix-users:
> 
> If I have Postfix configured to use Dovecot SASL via TCP, and Dovecot
> is running on a remote server, can I set up Postfix to use TLS for its
> connection to Dovecot SASL?
> 
> Postfix main.cf:
> 
> smtpd_sasl_path = inet:dovecot.example.com:12345
> smtpd_sasl_type = dovecot
> 
> 
> Dovecot:
> 
> service auth {
>   inet_listener {
>     address = * ::
>     port = 12345
>     ssl=yes
>   }
> }
> 
> What are the Postfix settings for TLS between Postfix and Dovecot SASL?

This is not documented, therefore not implemented. What is your
threat model: an attacker has privileged access to a system on the
path between Postfix and Dovecot? I would expect that reasonable
deployments have Postfix and Dovecot in close proximity.

Wietse