[Dovecot] Dovecot proxy and Postfix SASL

Andreas Kasenides andreas at cymail.eu
Tue Dec 17 15:22:13 EET 2013


To be fair on this: The main driver behind this is security and having
front end systems in a DMZ with only minimal (if any) access to the back 
end servers.
Of course saslauthd will need SOME access to the remote (back-end) IMAP 
(one IP port?).
But this can also be accomplished by having the front end Postfix 
authenticate on the
Dovecot back-end by setting it up to talk to the auth process via an 
ip-listener
ALSO on just one IP port.
Does this make sense? AM I missing something?

Andreas

On 17-12-2013 14:48, Andreas Kasenides wrote:
> Can somebody please verify that currently (v 2.2.9) SMTP AUTH using 
> SASL
> from Postfix with Dovecot proxy is still not supported as discussed in
> these threads
> (especially the first one)?
> 
> http://www.dovecot.org/list/dovecot/2012-August/067977.html
> http://www.dovecot.org/list/dovecot/2011-May/059107.html
> 
> As I understand it is possible to use saslauthd to do this by using the 
> remote
> imap option (rimap). Such a facility is important since I am
> attempting to separate the
> outward facing servers (dovecot proxy, postfix relay) that have no
> knowledge of user databases
> from the backends.
> 
> thanx
> Andreas


More information about the dovecot mailing list