Delivering locally through the Submission Server

Piotr Auksztulewicz dcml at hasiok.net
Tue Nov 3 12:31:34 EET 2020


On Mon, Nov 02, 2020 at 09:33:08PM +0100, R. Diez wrote:
> OK, so I gather that the Submission Server cannot do that (yet).

And probably would never do. It isn't its job description.

Actually, it is just a convenience/workaround feature, which comes in handy
only if your own MTA cannot handle dovecot's SASL authentication (must be
something real strange) or there are some integration/security/policy
issues perceived (but I cannot think of any, actually). In this case you
can set up dovecot's submission server, which uses dovecot's authentication
settings, so you have a single source of authentication, and whitelist
dovecot IP address in your MTA so it accepts anything that dovecot's
submission server lets through. But I don't think it is a good idea
personally, it is more open to exploitation this way, unless the
address is 127.0.0.1, in which case you can simply set up SASL over
Unix sockets, which is as secure as your host server is.

> It feels strange that a plug-in accessing the local user database for
> authentication purposes, and running on the same Dovecot server instance,
> needs to use an MTA to deliver a local message, it is like going out to come
> back in again. But I do not know much about mail servers yet. Have I missed
> some important concept here that makes this idea silly indeed?

The idea is to have one software package that does one defined set of
functions really well, so as not to complicate things by lumping everything
together. Delivering mail is a generally complex process that needs
a separate expertise than storing/indexing/accessing email messages.
The concepts of MTA, MDA, MSA, MS and MUA are even outlined in the RFCs
(see for example RFC 5598 Chapter 4.), so it is no surprise that separate
software packages exist for these functions. In this context, dovecot
is primarily an MS and, consequently, an MDA; but it also contains an
add-on MSA - namely the submission server.

To have a complete email system, you also need an MTA - and users need
MUAs. You can provide the MUA yourself (e.g. a webmail package) or
just let users choose their MUAs themselves (IMAP clients mostly).

You may provide your MTA yourself and integrate it with dovecot.
In a simple case it is easy, lots of tutorials exist. Alternatively,
you could have someone else provide MTA service for you if you and
the other party come to an agreement. Only in this case the dovecot
submission server is useful, IMHO.

-- 
Piotr "Malgond" Auksztulewicz                     firstname at lastname.net
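
Added example, not part of the original post: the two setups the message contrasts, sketched as configuration. The post names no MTA, so Postfix, the host name mta.example.net, the address 192.0.2.10 for the Dovecot host and the socket path under /var/spool/postfix are all assumptions.

```conf
# --- Setup A: Dovecot submission server relaying to an MTA that trusts its IP ---
# dovecot.conf (Dovecot 2.3 submission service; host name is a constructed value)
protocols = imap lmtp submission
submission_relay_host = mta.example.net
submission_relay_port = 25

# Postfix main.cf on the MTA; 192.0.2.10 is the Dovecot host (constructed).
# Anything arriving from that address is relayed without authentication,
# so the relay policy is only as strong as control over that IP address.
mynetworks = 127.0.0.0/8 192.0.2.10/32
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

# --- Setup B: the MTA handles submission and asks Dovecot over a Unix socket ---
# dovecot.conf: expose the auth service inside the Postfix queue directory.
# Access is limited by file ownership and mode, not by network address.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

# Postfix main.cf: Dovecot is the SASL backend, so Dovecot's user database
# stays the single source of authentication and no IP whitelist is needed.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
mynetworks = 127.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

# Postfix master.cf: submission on port 587, TLS required, authenticated only.
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

Setup B only applies when Dovecot and the MTA share a host, which is the 127.0.0.1 case the message describes.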

