Dovecot version 2.3.19.1 (9b53102964)
Postfix version 3.5.18

We have a Postfix server that runs on a VPS with a hosting company and
a Dovecot IMAP server that runs at the office.

We want Postfix to push the mail it receives to the Dovecot IMAP
server, using the least amount of intermediate software. This transfer
occurs over the open internet.

LMTP over TCP seems like a great solution, *if* it can be secured. But
I'm not finding documentation on how to actually set up something like
two-way TLS over LMTP.

1. Is there any setting in Dovecot where I can set a remote IP address
(or hostname) that will be the only address that Dovecot's LMTP accepts
connections from?

2. My current configuration options for LMTP in Dovecot look like:

protocol lmtp {
  ssl_cert = </etc/ssl/imap/imap.crt
  ssl_key = </etc/ssl/imap/imap.key
  ssl_ca = </etc/ssl/imap/authority.crt
  ssl_verify_client_cert = yes
  auth_ssl_require_client_cert = yes
}

service lmtp {
  user = vmail
  inet_listener lmtp {
    address = * ::
    port = 24
  }
}

With these settings, I can telnet from the Postfix server to the
Dovecot server with LMTP, and I'm not convinced there is any encryption
actually enabled or any TLS verification going on.

Is there any reasonable security that can be set up to make this safe
(within Dovecot and Postfix settings, not using VPNs and SSH tunnels)?
If so, how?
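
Added example (not part of the original post, and not Dovecot or Postfix code): a telnet connection to port 24 succeeding does not show whether TLS is in use; what shows it is whether the LHLO reply advertises STARTTLS and whether MAIL is refused before STARTTLS has been negotiated. The Python below audits a transcript copied from such a session; the function names, hostnames and reply texts are constructed for illustration.

```python
def parse_reply(lines):
    """Parse one LMTP reply (SMTP multi-line format) into (code, texts)."""
    code, texts = None, []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("not an LMTP reply line: %r" % line)
        code = int(line[:3])
        texts.append(line[4:])
        if line[3:4] != "-":  # "250-" continues the reply, "250 " ends it
            break
    if code is None:
        raise ValueError("empty reply")
    return code, texts

def audit_session(exchanges):
    """exchanges: [(client command, [server reply lines])] -> list of findings."""
    findings, tls = [], False
    for cmd, reply in exchanges:
        code, texts = parse_reply(reply)
        verb = cmd.split()[0].upper() if cmd.split() else ""
        if verb == "LHLO" and not tls:
            # First reply line is the greeting; the rest are extension keywords.
            caps = {t.split()[0].upper() for t in texts[1:] if t.split()}
            if "STARTTLS" not in caps:
                findings.append("STARTTLS not advertised")
        elif verb == "STARTTLS" and code == 220:
            tls = True  # everything after this point is inside TLS
        elif verb == "MAIL" and not tls and 200 <= code < 300:
            findings.append("MAIL accepted before STARTTLS")
    return findings

# Constructed transcripts: hostnames and reply texts are made up for the example.
PLAINTEXT_ONLY = [
    ("LHLO vps.example", ["250-imap.example\r\n", "250-8BITMIME\r\n", "250 PIPELINING\r\n"]),
    ("MAIL FROM:<>", ["250 2.1.0 OK\r\n"]),
]
TLS_ENFORCED = [
    ("LHLO vps.example", ["250-imap.example\r\n", "250-STARTTLS\r\n", "250 PIPELINING\r\n"]),
    ("MAIL FROM:<>", ["530 5.7.0 TLS required\r\n"]),
]
TLS_OPTIONAL = [
    ("LHLO vps.example", ["250-imap.example\r\n", "250 STARTTLS\r\n"]),
    ("MAIL FROM:<>", ["250 2.1.0 OK\r\n"]),
]

if __name__ == "__main__":
    for name, t in [("plaintext", PLAINTEXT_ONLY), ("enforced", TLS_ENFORCED), ("optional", TLS_OPTIONAL)]:
        print(name, audit_session(t))
```

An empty findings list only means plaintext delivery was refused in that transcript. Whether the server demands and verifies a client certificate happens inside the TLS handshake and is not visible in a plaintext transcript.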