diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-05-28 13:52:48 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-05-28 14:17:19 +0200 |
| commit | 0084cd71699b4ad55c2912647f93afa32bbf7671 (patch) | |
| tree | 03ec41af2a3e9fd565805c86f4b4552c13daec66 /roles/IMAP-proxy/files/etc/stunnel | |
| parent | 05d59141d1115cafb663305d680a930f089b4851 (diff) | |
Remove the IMAP caching proxy.
Dovecot imapc requires two authentication rounds to the IMAP backend for
each connection. It seems suboptimal that Roundcube keeps connecting to
the IMAP server for each new connection, but benchmarks shows little
advantage in caching the IMAP sessions with imapproxy:
http://www.dovecot.org/list/dovecot/2012-February/133544.html
Diffstat (limited to 'roles/IMAP-proxy/files/etc/stunnel')
| -rw-r--r-- | roles/IMAP-proxy/files/etc/stunnel/roundcube.conf | 62 |
1 files changed, 0 insertions, 62 deletions
diff --git a/roles/IMAP-proxy/files/etc/stunnel/roundcube.conf b/roles/IMAP-proxy/files/etc/stunnel/roundcube.conf deleted file mode 100644 index fe0bd5d..0000000 --- a/roles/IMAP-proxy/files/etc/stunnel/roundcube.conf +++ /dev/null @@ -1,62 +0,0 @@ -; ************************************************************************** -; * Global options * -; ************************************************************************** - -; setuid()/setgid() to the specified user/group in daemon mode -setuid = stunnel4 -setgid = stunnel4 - -; PID is created inside the chroot jail -pid = -foreground = yes - -; Only log messages at severity warning (4) and higher -debug = 4 - -; ************************************************************************** -; * Service defaults may also be specified in individual service sections * -; ************************************************************************** - -; Certificate/key is needed in server mode and optional in client mode -;cert = /etc/stunnel/mail.pem -;key = /etc/stunnel/mail.pem -client = yes -socket = a:SO_BINDTODEVICE=lo - -; Some performance tunings -socket = l:TCP_NODELAY=1 -socket = r:TCP_NODELAY=1 - -; Prevent MITM attacks -verify = 4 - -; Disable support for insecure protocols -options = NO_SSLv2 -options = NO_SSLv3 -options = NO_TLSv1 -options = NO_TLSv1.1 - -options = NO_COMPRESSION - -; These options provide additional security at some performance degradation -options = SINGLE_ECDH_USE -options = SINGLE_DH_USE - -; Select permitted SSL ciphers -ciphers = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL - -; ************************************************************************** -; * Service definitions (remove all services for inetd mode) * -; ************************************************************************** - -[imaps] -accept = localhost:143 -connect = imap.fripost.org:993 -CAfile = /etc/stunnel/certs/imap.fripost.org.pem - -[ldaps] -accept = localhost:389 -connect = ldap.fripost.org:636 -CAfile = /etc/stunnel/certs/ldap.fripost.org.pem - -; vim:ft=dosini |