[Dovecot] Dovecot proxy and Postfix SASL
Andreas Kasenides
andreas at cymail.eu
Tue Dec 17 15:22:13 EET 2013
To be fair on this: The main driver behind this is security and having
front end systems in a DMZ with only minimal (if any) access to the back
end servers.
Of course saslauthd will need SOME access to the remote (back-end) IMAP
(one IP port?).
But this can also be accomplished by having the front end Postfix
authenticate on the
Dovecot back-end by setting it up to talk to the auth process via an
ip-listener
ALSO on just one IP port.
Does this make sense? AM I missing something?
Andreas
On 17-12-2013 14:48, Andreas Kasenides wrote:
> Can somebody please verify that currently (v 2.2.9) SMTP AUTH using
> SASL
> from Postfix with Dovecot proxy is still not supported as discussed in
> these threads
> (especially the first one)?
>
> http://www.dovecot.org/list/dovecot/2012-August/067977.html
> http://www.dovecot.org/list/dovecot/2011-May/059107.html
>
> As I understand it is possible to use saslauthd to do this by using the
> remote
> imap option (rimap). Such a facility is important since I am
> attempting to separate the
> outward facing servers (dovecot proxy, postfix relay) that have no
> knowledge of user databases
> from the backends.
>
> thanx
> Andreas
More information about the dovecot
mailing list