Thanks for the reply, postfix + dovecot sasl configured and working properly. My question is about "adding dovecot authentication when sending emails via submission_host".
Let's say we have dovecot + sieve plugin container. Dovecot configured to use remote SMTP submission host to send messages: submission_host = postfix.example.com:587
User foo@example.com has the following sieve script: require ["fileinto", "copy", "vacation", "date", "relational"] ; redirect :copy "bar@example.com"; keep;
baz@example.com sending email to foo@example.com
dovecot lmtp log: lmtp(foo@example.com)<7670><QTsrNZjdxmP2HQAAaVGrHw>: Info: sieve: msgid=<63fce409f26b1a67785a475a00034a05@mail.example.com>: redirect action: failed to redirect message to <bar@example.com>: smtp(postfix.example.com:587): RCPT TO failed: 554 5.7.1 <bar@example.com>: Recipient address rejected: Access denied (permanent failure) lmtp(foo@example.com)<7670><QTsrNZjdxmP2HQAAaVGrHw>: Info: sieve: msgid=<63fce409f26b1a67785a475a00034a05@mail.example.com>: stored mail into mailbox 'INBOX' lmtp(foo@example.com)<7670><QTsrNZjdxmP2HQAAaVGrHw>: Info: sieve: Execution of script /var/dovecot/example.com/foo/foo.sieve failed, but implicit keep was successful (user logfile /var/dovecot/example.com/foo/foo.sieve.log may reveal additional details)
sieve.log error: msgid=<63fce409f26b1a67785a475a00034a05@mail.example.com>: redirect action: failed to redirect message to <bar@example.com>: smtp(postfix.example.com:587): RCPT TO failed: 554 5.7.1 <bar@example.com>: Recipient address rejected: Access denied (permanent failure).
postfix log: NOQUEUE: reject: RCPT from unknown[10.0.1.4]: 554 5.7.1 <bar@example.com>: Recipient address rejected: Access denied; from=<baz@example.com> to=<bar@example.com>
redirect :copy action failed, its expected behavior, dovecot do not auth when sending email via submisson_host. If there is setting like submission_host_master_user = master@example.com submission_host_master_password = masterpass to do authentication as master user in postfix who can send email as any user...
От: dovecot <dovecot-bounces@dovecot.org> от имени dovecot@ptld.com <dovecot@ptld.com> Отправлено: 17 января 2023 г. 18:25 Кому: dovecot@dovecot.org <dovecot@dovecot.org> Тема: Re: submission_host auth
When using dovecot container with sieve plugin there is no sendmail to use for sending email for sieve redirect action for example. We can use submission_host instead https://doc.dovecot.org/settings/core/#core_setting-submission_host but there is no way to specify credentials for auth in remote MTA. Submission_relay_* settings e.g. submission_relay_master_user relate to dovecot submission service. Using something like permit_mynetworks in remote MTA is not acceptable for security reasons.
Is it possible to add authorization in the remote MTA using submission_host?
You start the auth service in dovecot, then tell the MTA to use it. For example, if you use postfix this explains how:
https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/