On 2021-07-29 10:12, Vladislav Kurz wrote:
I thought that mandatory authentication is the whole point of having mail submission on other port than 25. But looking at the RFC: https://datatracker.ietf.org/doc/html/rfc6409#section-4.3 It says that authorization by other means (being within a protected subnetwork) is possible.
from the time of pop-before-smtp rfc1918 have always worked for all, when a single ip could open up smtp auth for multiple rfc1918 ips in the time frame could relay all the mails without any needs for provide any password for it
hopefully none like to see this back
not even on ipv6 btw
Anyway, as dovecot ultimately passes the mail to MTA, it is much easier to make the unauthenticated IP relay list in MTA, and submit on port 25.
it could still be another port then 25 there, it will be a mess to mix outbound and inbound on same port
Or is there something special you want doevecot to do with those mails?
hopefull no, i think dovecot have submission for director hosts to still use one single mta server for outbound, not to change hos end users uses it