postfix can use LDAP for authentication (i.e. SASL) and for validation("ldap" table).
As best I can tell, postfix cannot use dovecot to validate addresses, if you want that you will need postfix to talk directly to ldap. GOTCHA: use the "postconf -m" command to check that the "ldap" table is available in your distro - it wasn't in mine (Alpine).
For authentication, postfix can use smtpd_sasl_type = "cyrus" or "dovecot". "cyrus" uses the saslauthd authentication daemon from the Cyrus mail package and "dovecot" uses the dovecot/auth daemon. These options are much more similar that they might seem. Both are a thin layer over the OpenLDAP libldap library. Postfix can talk to either auth daemon over a Unix domain socket or in the Dovecot case, over an IP socket with a simple proprietary protocol. The protocols they speak are different but very similar - they achieve the same thing.
Use "postconf -a" command to check which authentication types are available in your distro.
Computationally speaking, there probably isn't that much difference. For my system, I chose not to use the dovecot SASL in Postfix for various reasons but mostly to remove dependencies between the packages. This way I could "switch out" either package if required and avoid too much pain..
That's my 2 cents.
On 9/05/2023 5:30 pm, dovecot--- via dovecot wrote:
The question about best practices was more a conceptual one. Should dovecot and postfix talk independently to the LDAP database? Or should dovecot be the gateway for postfix to get the information out of the LDAP database?
Just my 2 cents, id have postfix talk directly to LDAP to see if a user is valid for accepting mail. Having it go through dovecot is just adding extra moving parts and overhead. Cut out the middle man since postfix would be talking to the same "database" that dovecot would. Why give dovecot more work?
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
-- This email has been checked for viruses by AVG antivirus software. www.avg.com