Hi all:
The Dovecot Submission Service is very enticing for laz... I mean for busy people like me. A couple of lines in dovecot.conf , and you have a local SMTP server that does authentication. No SASL loops to jump through! Very cool people like me also appreciate cool new features like BURL.
But now I want to understand its limitations. Say I just bought e-mail domain xxx@example.org . Say employee A has e-mail address a@example.org .
It this employee turns evil, will he/she be able to send e-mails impersonating b@example.org ? Or does the Dovecot Submission Service check that he only has permission to send as a@example.org ?
My requirements are pretty modest. Basically e-mail should just be sent all right. But are there any other reasons why I should avoid the Dovecot Submission Server anyway? The documentation does not really say much.
Thanks in advance, rdiez