> Gary Flynn <[EMAIL PROTECTED]> writes:
>
> > I'd be interested in hearing about others' experiences on
> > the impact of stunnel or SASL on server resources. Any
> > thoughts on the relative merits of either architecture
> > of providing SSL sessions would also be appreciated. We'll
> > need to protect both the IMAP and IMSP sessions.
>> I believe TLS would eat non-neglible amount of CPU for your setup. I
Simon Josefsson <[EMAIL PROTECTED]> said:
> would split your users to multiple servers to start with. Or use
> front ends which is the TLS endpoint, and proxies the session to the
> right server, then the mail server doesn't need to do TLS as well.
>
I agree. We use stunnel on seperate machines to provide SSL IMAP and SSL POP
connections to a CYRUS mail server. This means that the CYRUS server box doesn't
incure the overhead of having to negotiate 2 TCP conenctions for every 1 client,
as well as the SSL negotiation overhead.
