summaryrefslogtreecommitdiffstats
path: root/roles/IMAP-proxy/files/etc/stunnel
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-05-28 13:52:48 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-05-28 14:17:19 +0200
commit0084cd71699b4ad55c2912647f93afa32bbf7671 (patch)
tree03ec41af2a3e9fd565805c86f4b4552c13daec66 /roles/IMAP-proxy/files/etc/stunnel
parent05d59141d1115cafb663305d680a930f089b4851 (diff)
Remove the IMAP caching proxy.
Dovecot imapc requires two authentication rounds to the IMAP backend for each connection. It seems suboptimal that Roundcube keeps connecting to the IMAP server for each new connection, but benchmarks shows little advantage in caching the IMAP sessions with imapproxy: http://www.dovecot.org/list/dovecot/2012-February/133544.html
Diffstat (limited to 'roles/IMAP-proxy/files/etc/stunnel')
-rw-r--r--roles/IMAP-proxy/files/etc/stunnel/roundcube.conf62
1 files changed, 0 insertions, 62 deletions
diff --git a/roles/IMAP-proxy/files/etc/stunnel/roundcube.conf b/roles/IMAP-proxy/files/etc/stunnel/roundcube.conf
deleted file mode 100644
index fe0bd5d..0000000
--- a/roles/IMAP-proxy/files/etc/stunnel/roundcube.conf
+++ /dev/null
@@ -1,62 +0,0 @@
-; **************************************************************************
-; * Global options *
-; **************************************************************************
-
-; setuid()/setgid() to the specified user/group in daemon mode
-setuid = stunnel4
-setgid = stunnel4
-
-; PID is created inside the chroot jail
-pid =
-foreground = yes
-
-; Only log messages at severity warning (4) and higher
-debug = 4
-
-; **************************************************************************
-; * Service defaults may also be specified in individual service sections *
-; **************************************************************************
-
-; Certificate/key is needed in server mode and optional in client mode
-;cert = /etc/stunnel/mail.pem
-;key = /etc/stunnel/mail.pem
-client = yes
-socket = a:SO_BINDTODEVICE=lo
-
-; Some performance tunings
-socket = l:TCP_NODELAY=1
-socket = r:TCP_NODELAY=1
-
-; Prevent MITM attacks
-verify = 4
-
-; Disable support for insecure protocols
-options = NO_SSLv2
-options = NO_SSLv3
-options = NO_TLSv1
-options = NO_TLSv1.1
-
-options = NO_COMPRESSION
-
-; These options provide additional security at some performance degradation
-options = SINGLE_ECDH_USE
-options = SINGLE_DH_USE
-
-; Select permitted SSL ciphers
-ciphers = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
-
-; **************************************************************************
-; * Service definitions (remove all services for inetd mode) *
-; **************************************************************************
-
-[imaps]
-accept = localhost:143
-connect = imap.fripost.org:993
-CAfile = /etc/stunnel/certs/imap.fripost.org.pem
-
-[ldaps]
-accept = localhost:389
-connect = ldap.fripost.org:636
-CAfile = /etc/stunnel/certs/ldap.fripost.org.pem
-
-; vim:ft=dosini