First off, could we stay on the rationale and avoid introducing
tags like [ complaining ], [ insist ] or [ *you* ].
Starting the thread was not meant as a complaint but simply as an
inquiry about it. I have not been insistent or insinuated such either.
And [ *you* ] appears to be elevating the discussion to a personal level.

> Someone asking developers to add TLS to a daemon for a protocol that is
> meant to be run *locally* or on a trusted network, while complaining
> that the proposed alternatives add unnecessary complexity.  Oh the
> irony...

Fair enough if the developers are not inclined to the idea.

The (V)LANs are trusted, but that does not mean that (certain) types of
traffic should flow unencrypted within such networks.

> Even if you insist on running something called "local" on a different
> host, you have presented yet another possible solution yourself: a VLAN.

VLANs are not really about transport-layer security, and certain traffic
may have to traverse different VLANs.
What are the semantics of [ local ] - a single physical machine, a (V)LAN
behind NAT, a (V)LAN spawned from a secure tunnel?

> If you really really really need TLS then you'll probably be better off
> running a different instance of smtpd on the dovecot host, with an
> extremely simple config that does nothing else than listening on 25
> using TLS and delivering everything via lmtpd.

I am aware of it, but that was not the point of asking about lmtps.

> There are plenty of solutions.  Unfortunately for you, nearly all of
> them require that it is you that handle the complexity *you* require,
> instead of offloading it to the devs.

That was again not the point of asking about lmtps, but certainly musing
about why the dovecot/postfix developers bothered with bloating their code
by implementing lmtps if it is such an outlandish idea?

>
>> Neither is utilizing dovecot's native lmtps stack though and adding
>> (unnecessary) complexity to the network.
>> postfix has lmtps implemented and perhaps the smtpd developers may
>> consider following suit some day.
>>> I can recommend lmtp over spiped, works great.
>>>> You could probably use ssh to tunnel it or something similar.
>>>>> Sure and makes certainly sense, but you can still have (V)LAN servers
>>>>> with different subnets and not necessarily everything on a single
>>>>> server/subnet.
>>>>>> from the lmtp rfc
>>>>>>
>>>>>>     The LMTP protocol SHOULD NOT be used over wide area networks.
>>>>>>>> You don't really need to do secure lmtp because lmtp primarily runs on
>>>>>>>> a trusted network anyway. In fact, if you're running smtp and dovecot
>>>>>>>> on the same server, just use lmtp over a Unix domain socket.
>>>>>>>>> dovecot supports TLS over LMTP(S). Been searching the net but could
>>>>>>>>> not find a trace about smtpd support for lmtps and hence wondering
>>>>>>>>> whether such is implemented?
>>
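The "dedicated smtpd instance on the dovecot host" setup quoted above, written out as an added smtpd.conf example (not from the thread or the OpenSMTPD project; the host name, certificate paths, table name and relay address are assumed):

```conf
# smtpd.conf for a second, minimal OpenSMTPD instance running on the
# dovecot host. It only accepts TLS-protected SMTP from the real MX and
# hands every message to dovecot over its local LMTP Unix socket, so the
# LMTP traffic itself never crosses the (V)LAN in the clear.
# All names, addresses and paths below are assumed for this example.

pki mail.example.net cert "/etc/ssl/mail.example.net.crt"
pki mail.example.net key  "/etc/ssl/private/mail.example.net.key"

# Refuse any session that does not negotiate STARTTLS.
listen on 0.0.0.0 port 25 tls-require pki mail.example.net

# Only the relaying smtpd (assumed address) may submit mail here.
table relays { 192.0.2.10 }

# Local delivery: LMTP over dovecot's Unix socket, keeping the original
# RCPT TO address for dovecot's user lookup.
action "to_dovecot" lmtp "/var/dovecot/lmtp" rcpt-to

match from src <relays> for any action "to_dovecot"
match from any for any reject
```

The relaying instance on the MX then delivers to this host with an ordinary `relay host "smtp+tls://mail.example.net"` action, so only SMTP-with-STARTTLS travels between the two machines.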