From de4859456f1de54540c96ad97f62858dd089a980 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 1 Jul 2014 23:02:45 +0200 Subject: Replace IPSec tunnels by app-level ephemeral TLS sessions. For some reason giraff doesn't like IPSec. App-level TLS sessions are less efficient, but thanks to ansible it still scales well. --- roles/IMAP/files/etc/dovecot/conf.d/10-master.conf | 5 ----- roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf | 12 ------------ 2 files changed, 17 deletions(-) (limited to 'roles/IMAP/files') diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf index d477d01..30a6f8b 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-master.conf @@ -15,11 +15,6 @@ default_login_user = dovenull default_internal_user = dovecot service imap-login { - inet_listener imap { - address = 172.16.0.1 - port = 143 - ssl = no - } inet_listener imaps { port = 993 ssl = yes diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf index c5e61d7..526da9c 100644 --- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf +++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf @@ -5,18 +5,6 @@ # SSL/TLS support: yes, no, required. ssl = required -# No need for SSL if the packets are protected by IPSec. -local 172.16.0.1 { - protocol imap { - disable_plaintext_auth = no - ssl = no - } - protocol sieve { - disable_plaintext_auth = no - ssl = no - } -} - # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed -- cgit v1.2.3