Dne středa 28. července 2021 19:08:17 CEST, Dan Conway napsal(a):
Yes Dovecot will proxy the connection to the real MTA. My question is why authentication is /always/ required on Dovecot when submission is used, as MTAs usually have an option to allow non-authenticated relaying.
I thought that mandatory authentication is the whole point of having mail submission on other port than 25. But looking at the RFC: https://datatracker.ietf.org/doc/html/rfc6409#section-4.3 It says that authorization by other means (being within a protected subnetwork) is possible.
Anyway, as dovecot ultimately passes the mail to MTA, it is much easier to make the unauthenticated IP relay list in MTA, and submit on port 25.
Or is there something special you want doevecot to do with those mails?
-- Best Regards Vladislav Kurz