On Mon, Nov 02, 2020 at 09:33:08PM +0100, R. Diez wrote:
> OK, so I gather that the Submission Server cannot do that (yet).
And probably would never do. It isn't its job description.
Actually, it is just a convenience/workaround feature, which comes in handy only if your own MTA cannot handle dovecot's SASL authentication (must be something really strange) or there is some perceived integration/security/policy issue (but I cannot think of any, actually). In this case you can set up dovecot's submission server, which uses dovecot's authentication settings, so you have a single source of authentication, and whitelist dovecot's IP address in your MTA so it accepts anything that dovecot's submission server lets through. But I don't think it is a good idea personally; it is more open to exploitation this way, unless the address is 127.0.0.1, in which case you can simply set up SASL over Unix sockets, which is as secure as your host server is.
> It feels strange that a plug-in accessing the local user database for authentication purposes, and running on the same Dovecot server instance, needs to use an MTA to deliver a local message, it is like going out to come back in again. But I do not know much about mail servers yet. Have I missed some important concept here that makes this idea silly indeed?
The idea is to have one software package that does one defined set of functions really well, so as not to complicate things by lumping everything together. Delivering mail is a generally complex process that needs different expertise than storing/indexing/accessing email messages. The concepts of MTA, MDA, MSA, MS and MUA are even outlined in the RFCs (see for example RFC 5598, Chapter 4), so it is no surprise that separate software packages exist for these functions. In this context, dovecot is primarily an MS and, consequently, an MDA; but it also contains an add-on MSA - namely the submission server.
To have a complete email system, you also need an MTA - and users need MUAs. You can provide the MUA yourself (e.g. a webmail package) or just let users choose their MUAs themselves (IMAP clients mostly).
You may provide your MTA yourself and integrate it with dovecot. In a simple case it is easy, lots of tutorials exist. Alternatively, you could have someone else provide an MTA service for you if you and the other party come to an agreement. Only in this case is the dovecot submission server useful, IMHO.
-- Piotr "Malgond" Auksztulewicz firstname@lastname.net
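
The two setups compared in the message above, side by side, as an added configuration sketch that is not part of the original post. It assumes Postfix as the MTA (the thread does not name one); the addresses 192.0.2.10 and 192.0.2.20 and the socket path are constructed placeholders.

```conf
# --- Setup A: Dovecot submission server relays to an MTA that trusts its IP ---

# dovecot.conf (Dovecot 2.3 or later)
# Dovecot authenticates the user, then hands the message to the MTA.
# 192.0.2.20 is a constructed placeholder for the MTA's address.
protocols = imap lmtp submission
submission_relay_host = 192.0.2.20
submission_relay_port = 25

# Postfix main.cf on the MTA
# 192.0.2.10 is a constructed placeholder for the Dovecot host.
# Anything connecting from that address is relayed without further
# authentication, so the trust decision rests on a source IP.
mynetworks = 127.0.0.0/8 192.0.2.10/32
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

# --- Setup B: the MTA authenticates users via Dovecot SASL on a Unix socket ---

# dovecot.conf
# Expose the auth service on a socket inside Postfix's queue directory.
# The path assumes the common /var/spool/postfix layout.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

# Postfix main.cf
# Dovecot remains the single source of authentication, but no network
# address is whitelisted beyond loopback.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_tls_auth_only = yes
mynetworks = 127.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
```

In setup B, access to the auth service is governed by the socket's owner and mode, so those file permissions are the setting to review.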