On Tue, Jan 08, 2013 at 08:59:09AM -0500, Charles Marcus wrote:
So that postfix can use dovecot-sasl for remotely authenticating against another SMTP server, ie, for secure relays...
I don't think this makes sense for Dovecot to implement -- maybe P@rick and/or Timo will correct this if I am wrong.
Server SASL is a natural offshoot of an imapd, because the same credentials are used, and just as with an IMAP client, the imapd merely has to validate the credentials.
Client SASL is different. The credentials are not necessarily in use by the imapd otherwise, and the job of the client SASL library is to generate the authentication, not to validate it.
I don't expect to see Dovecot providing client SASL.
You mention secure relays; for this I generally use OpenVPN. With a tunnel between the sending and relaying systems, the mail goes through said tunnel.
Another good choice where this might not be possible is to use TLS certificate authentication:
http://www.postfix.org/TLS_README.html#server_access http://www.postfix.org/TLS_README.html#client_tls_policy
http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: