On 08/11/2013 13:34, Timo Sirainen wrote:
> Dovecot MTA isn’t intended to be run standalone, most likely it can only deliver mails to Dovecot LMTP.
May I clarify? So Dovecot MTA might be for inbound SMTP only? Or also for outbound SMTP? (From the feature list I'd assumed outbound, as well.)
If also for outbound, we have thought to run inbound and outbound on different servers, with the outbound server not listening to any internet-capable ports, simply to reduce further the opportunity for external access leading to spam generation (because any inbound access could lead to privilege escalation due to some exploit, and alter the ACLs, for example).
Running on separate servers would imply standalone (unless config data is on NFS, perhaps).
Very supportive for the ideas listed, especially around email authentication, and security.
Ron