Dovecot Imap Proxy mit SSL/TLS

Install Dovecot

# Installs the Dovecot IMAP daemon package (needs root privileges).
apt-get install dovecot-imapd

Edit /etc/dovecot/conf.d/auth-static.conf.ext

In der auth-static.conf.ext werden der Backend-Server und die Verbindungsparameter definiert. userdb ist dabei irrelevant.

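# Static passdb: every login is proxied (proxy=y) to the backend named in host=.
# nopassword=y means the proxy itself does not check the password; it only
# forwards the credentials, so the backend is the sole place where
# authentication happens.
# starttls=yes makes the proxy validate the backend certificate. Do not use
# starttls=any-cert outside of testing: it encrypts the hop but accepts any
# certificate, so whoever can intercept traffic between proxy and backend can
# impersonate the backend and receive the forwarded passwords.
# Validation requires that the backend certificate matches the name in host=
# and chains to a CA Dovecot trusts (ssl_client_ca_dir or ssl_client_ca_file).
passdb {
  driver = static
  args = proxy=y proxy_nopipelining=y host=mybackendmailserver.lan nopassword=y nodelay=y nologin=y starttls=yes
}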
# Placeholder userdb: with proxy=y in the passdb the session is handed to the
# backend, and the page itself calls the userdb irrelevant. The uid/gid/home
# values point at nothing usable.
# NOTE(review): the leading "static" inside args looks like a stray token — confirm.
userdb {
  driver = static
  args = static uid=9999 gid=9999 home=/dev/null
}

Edit /etc/dovecot/conf.d/10-master.conf

In der 10-master.conf werden die TCP-Listener für IMAP (Port 143) und IMAPS (Port 993) angelegt. (Ersetze <%= ipaddress_eth1 %> durch die IP-Adresse von eth1.)

# Login listeners of the proxy. <%= ipaddress_eth1 %> is a template placeholder
# and must be replaced with the address the proxy should bind to; binding to a
# single address keeps the service off the other interfaces.
service imap-login {
  inet_listener imap {
    # Plain IMAP port: the connection starts unencrypted and has to be upgraded
    # with STARTTLS (10-ssl.conf sets ssl = required).
    port = 143
    address = <%= ipaddress_eth1 %>
  }
  inet_listener imaps {
    # IMAPS port: TLS is negotiated immediately on connect.
    port = 993
    ssl = yes
    address = <%= ipaddress_eth1 %>
  }
}
# No overrides for the imap service itself.
service imap {
}

Edit /etc/dovecot/conf.d/10-auth.conf

# Refuse plaintext authentication on connections that are not protected by TLS.
disable_plaintext_auth = yes
# PLAIN only: the proxy needs the clear-text password so that it can log in to
# the backend on the user's behalf. This is why TLS on both hops matters.
auth_mechanisms = plain
# Pull in the static passdb/userdb that defines the proxy target.
!include auth-static.conf.ext

Edit /etc/dovecot/conf.d/10-ssl.conf

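# Clients must use TLS (IMAPS or STARTTLS) before they can log in.
ssl = required
ssl_cert =</etc/dovecot/ssl/dovecot.crt
# The private key file should be readable by root only.
ssl_key  =</etc/dovecot/ssl/dovecot.key
# 1024-bit Diffie-Hellman parameters are considered breakable (Logjam); use at
# least 2048 bits. Dovecot 2.3 and later replace this setting with ssl_dh.
ssl_dh_parameters_length = 2048
# Disable SSLv3 as well as SSLv2 (SSLv3 is affected by POODLE). Dovecot 2.3 and
# later use ssl_min_protocol instead of ssl_protocols.
ssl_protocols = !SSLv2 !SSLv3
# RC4 is additionally excluded because it is prohibited for TLS (RFC 7465).
# NOTE(review): "ALL" is still a broad starting point; review the resulting
# list with `openssl ciphers -v` against the clients that must connect.
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!RC4
# Use the server's cipher order rather than the client's.
ssl_prefer_server_ciphers = yes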