> On Sep 17, 2018, at 6:59 AM, Alexander Chekalin > <[email protected]> wrote: > > Hi, > > I try to set up dovecot as a proxy server, to proxy requests to several > dovecot-based backend servers. I wand external clients who connects to this > proxy Dovecot to use TLS (this is easy to set up) while want to have > unsecured (plain IMAP/POP) connections to backends. > > You see, links to backends are over LAN so no TLS needed, and these backends > are poor old machines (with old Docecots like 2.0.6) this is why I don't want > to use TLS to acces backends.
A better security practice would be to also use TLS to the backend. You want a defense in depth rather than a "crunchy shell around a soft, chewy center." Jim
