Delivering locally through the Submission Server
Aki Tuomi
aki.tuomi at open-xchange.com
Tue Nov 3 12:37:07 EET 2020
> On 03/11/2020 12:31 Piotr Auksztulewicz <dcml at hasiok.net> wrote:
>
>
> On Mon, Nov 02, 2020 at 09:33:08PM +0100, R. Diez wrote:
> > OK, so I gather that the Submission Server cannot do that (yet).
>
> And probably would never do. It isn't its job description.
>
> Actually, it is just a convenience/workaround feature, which comes in handy
> only if your own MTA cannot handle dovecot's SASL authentication (must be
> something real strange) or there are some integration/security/policy
> issues perceived (but I cannot think of any, actually). In this case you
> can set up dovecot's submission server, which uses dovecot's authentication
> settings, so you have a single source of authentication, and whitelist
> dovecot IP address in your MTA so it accepts anything that dovecot's
> submission server lets through. But I don't think it is a good idea
> personally, it is more open to exploitation this way, unless the
> address is 127.0.0.1, in which case you can simply set up SASL over
> Unix sockets, which is as secure as your host server is.
>
Submission service is not only a proxy, it
- provides authentication natively from Dovecot
- provides features like BURL, and maybe in future outbound Sieve
but it does require a real MTA behind it.
--
Aki
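
The two setups compared in this thread, sketched as configuration. This is an added example, not part of the original posts; Postfix as the MTA, the relay port, the socket path and the file names in the comments are assumptions.

```conf
# --- Setup A: Dovecot submission service in front of the MTA ---
# dovecot.conf: Dovecot authenticates the client, then relays to the MTA.
protocols = imap lmtp submission
submission_relay_host = 127.0.0.1
submission_relay_port = 25

# Postfix main.cf: the MTA accepts whatever arrives from the whitelisted
# address, so the whitelist is the only control on the relay hop.
# Keep it to loopback; a routable address here widens who can relay.
mynetworks = 127.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

# --- Setup B: the MTA authenticates clients itself via Dovecot SASL ---
# dovecot.conf: expose the auth service on a Unix socket inside the
# Postfix queue directory, readable only by the postfix user and group.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

# Postfix main.cf: ask Dovecot over that socket (path is relative to the
# queue directory), allow AUTH only under TLS, relay only when authenticated.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_tls_auth_only = yes
smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
```

Both setups keep Dovecot as the single source of authentication; they differ in whether the MTA trusts a network address (A) or a verified login passed over a filesystem-permissioned socket (B).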