On Sat, 2023-11-04 at 16:32 -0700, Michael Peddemors wrote:
Why use Dovecot/IMAP at all for the SMTP Authentication, can't you simply go direct to your database?
On 2023-11-03 09:55, Nick Lockheart wrote:
I have a Dovecot IMAP server and a Postfix server on separate machines. The user information is stored in a MariaDB database that is replicated on both servers.
Postfix needs to authenticate outgoing mail against our valid user database. I believe this requires us to install a "dummy" Dovecot on the Postfix server so that Dovecot SASL can provide authentication to Postfix from the database.
I think Cyrus had a standalone Cyrus-SASL package, but Dovecot doesn't?
If I wanted to setup a Dovecot instance on the Postfix server just for the purposes of SMTP authentication, and not use it to handle any mail, what is the minimum configuration required to make that work?
Is the dovecot-common package (Debian) enough? Or do I need the full dovecot-imap package?
What protocols go in the protocols directive? Can you just make it "protocols = auth" to disable IMAP connections?
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
As far as I am aware, the only way to authenticate users for relay with Postfix is to use SASL with either the Dovecot SASL implementation or the Cyrus SASL implementation.
https://www.postfix.org/SASL_README.html
"Actually postfix can auth with sasl without dovecot"
@Paul Kudla: It looks like you may be using the Cyrus SASL implementation, which is part of the Cyrus IMAP server, but they make the SASL module a separate binary.
If I could use Postfix to mysql directly, that would be great.
But since it seems like you need one of the two SASL implementations (Dovecot or Cyrus), I was preferring to use Dovecot since it will support the same password encryption schemes that the Dovecot IMAP server uses, and the SMTP and IMAP servers can then share a replicated user database.
I can't use the real Dovecot IMAP server for auth, because it runs on a separate server, and Postfix does not support TLS connections for SASL.
So I need a Dovecot SASL-only instance on the server with Postifx, while the Dovecot IMAP instance with real mail runs on another server.
My question is, what is the minimum config for Dovecot to make it do SASL auth, but not do anything else?
Is the dovecot-common package enough to get the auth module? Can you even start dovecot-common as a service, or must I use either the dovecot-pop or dovcot-imap to actually get a usable daemon? Which (pop or imap) is lighter weight, since mail services will be shutoff anyway?
Should I put protocols = none in the configuration file to make it do
nothing but auth:
protocols = none
service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } }
And then configure passdb and userdb per normal?