(forgot to send to list)
Hi Matthias,
Here are a few code snippets showing how I configured Dovecot authentication via relay domains. There is no user handling in Postfix except for the relay domains and the virtual alias map; user handling is done by Dovecot via SASL/LMTP.
This is not a complete configuration, and there is no warranty that it works for you!
Greetings, Jan
# /etc/dovecot/conf.d/10-master.conf
#
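# Line breaks restored: with everything on one line, each "#" turned the rest
# of the line (including settings and closing braces) into a comment.

# Authentication service: exposes the userdb socket to Dovecot's own mail
# processes and a SASL socket to Postfix.
service auth {
  # Userdb lookups; 0600 limits access to the dovemail user alone.
  unix_listener auth-userdb {
    mode = 0600
    user = dovemail
    group = dovemail
  }

  # SASL socket inside the Postfix queue directory. Anything that can open
  # this socket can submit authentication attempts, so keep it restricted to
  # the Postfix user and group (0660).
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    # Assuming the default Postfix user and group
    user = postfix
    group = postfix
  }
  ### Also possible:
  # NOTE(review): a TCP listener is not protected by file permissions and no
  # address is given here. If this is enabled, restrict it to loopback or to
  # the Postfix host with an address setting and/or a firewall rule.
  # inet_listener {
  #   port = 12345
  # }
}

# LMTP service: Postfix hands accepted mail to Dovecot over this socket.
service lmtp {
  # Only Postfix (user/group postfix, mode 0660) may deliver over this socket.
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0660
    user = postfix
    group = postfix
  }
  ### Also possible:
  # NOTE(review): LMTP over TCP is typically unauthenticated, so any host that
  # can reach 192.168.0.123:24 could inject mail. Limit access to the MTA's
  # address with a firewall if this is enabled.
  # inet_listener lmtp {
  #   address = 192.168.0.123 127.0.0.1 ::1
  #   port = 24
  # }
}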
# /etc/postfix/lmtp_domains
# One line per hosted domain: domain on the left, LMTP transport on the right.
# main.cf below uses this same file for both transport_maps and relay_domains;
# relay_domains only checks whether the domain is listed and ignores the
# right-hand side.
# The btree: table has to be rebuilt with postmap after every edit.
yourdomain.invalid lmtp:unix:private/dovecot-lmtp
# /etc/postfix/main.cf
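# Line breaks restored; the collapsed form put several settings on one line
# and let each "#" swallow the restrictions that followed it.

# "[...]" marks further maps the author left out.
# Domains listed in lmtp_domains are accepted as relay domains and routed to
# Dovecot over LMTP.
transport_maps = btree:/etc/postfix/lmtp_domains,[...]
relay_domains = btree:/etc/postfix/lmtp_domains,[...]

# NOTE(review): Postfix's default for this parameter is 450 (temporary
# failure). 577 is an unusual reply code; 550 is the common choice for a
# permanent reject. Confirm that 577 is intended.
unverified_recipient_reject_code = 577

# SASL is delegated to Dovecot. The path is relative to the Postfix queue
# directory and matches the unix_listener in 10-master.conf.
# permit_sasl_authenticated below only has an effect if SASL is also enabled
# with smtpd_sasl_auth_enable = yes (not shown in this excerpt).
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

smtpd_recipient_restrictions =
    # no dirty mails
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    # Authorized mailers
    permit_sasl_authenticated,
    permit_mynetworks,
    # Relay control comes before the policy service and before recipient
    # verification. Otherwise an OK from the policy daemon would permit
    # relaying for unauthenticated clients, and the server would send
    # verification probes for domains it does not handle.
    # permit_mx_backup,
    reject_unauth_destination,
    # Policyd-Weight
    check_policy_service inet:127.0.0.1:12525,
    # Dynamic check of relay-recipients
    reject_unverified_recipient,
    permit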