"Dan" == Dan Conway darkc0de@archnix6.net writes:
Are you sure? I know that postfix can use the same backend database for authentication as dovecot, and dovecot can be the master, but dovecot does NOT listen on port 25 or 587 at all, those are all just used by Postfix.
Dan> Yes Dovecot will proxy the connection to the real MTA. My Dan> question is why authentication is always required on Dovecot when Dan> submission is used, as MTAs usually have an option to allow Dan> non-authenticated relaying.
Dan> On 7/28/21 10:19 AM, justina colmena ~biz wrote:
Dan> I am quite curious about the circumstances of this question. I was not aware that Dovecot Dan> actually offered mail submission service. If Dovecot does offer such a service, then it will Dan> have to relay the submitted mail to the real MTA, which is very likely not Dovecot. At the Dan> moment I have Postfix set up as MTA for that purpose —
Dan> Relaying on port 25 is usually quick and easy to whitelist for certain permitted hosts, but Dan> otherwise port 587, optionally with STARTTLS, and/or port 465 with SSL/TLS is generally set up Dan> for user authenticated mail submissions.
Dan> See also: Dan> https://www.mailgun.com/blog/which-smtp-port-understanding-ports-25-465-587/
Dan> On July 28, 2021 6:10:28 AM AKDT, Dan Conway darkc0de@archnix6.net wrote:
Dan> Hello, Dan> Is it possible to disable the requirement for authentication on the Dan> submission service? I'm trying to require authentication for all, except Dan> for a handful of IP addresses. Dan> Thank you.
Dan> ehlo test.com Dan> 250-aaa Dan> 250-AUTH PLAIN LOGIN Dan> 250-BURL imap Dan> 250-CHUNKING Dan> 250-DSN Dan> 250-ENHANCEDSTATUSCODES Dan> 250-SIZE Dan> 250 PIPELINING Dan> MAIL FROM:test@test.com Dan> 530 5.7.0 Authentication required.
Dan> -- Dan> Sent from my Android device with K-9 Mail. Please excuse my brevity.