Thanks for the reply, postfix + dovecot sasl configured and working properly.
My question is about "adding dovecot authentication when sending emails via submission_host".
Let's say we have dovecot + sieve plugin container.
Dovecot configured to use remote SMTP submission host to send messages:
submission_host = postfix.example.com:587
User foo@example.com has the following sieve script:
require ["fileinto", "copy", "vacation", "date", "relational"] ;
redirect :copy "bar@example.com";
keep;
baz@example.com sending email to foo@example.com
dovecot lmtp log:
lmtp(foo@example.com)<7670><QTsrNZjdxmP2HQAAaVGrHw>: Info: sieve: msgid=<63fce409f26b1a67785a475a00034a05@mail.example.com>:
redirect action: failed to redirect message to <bar@example.com>: smtp(postfix.example.com:587): RCPT TO failed: 554 5.7.1 <bar@example.com>: Recipient address rejected: Access denied (permanent failure)
lmtp(foo@example.com)<7670><QTsrNZjdxmP2HQAAaVGrHw>: Info: sieve: msgid=<63fce409f26b1a67785a475a00034a05@mail.example.com>:
stored mail into mailbox 'INBOX'
lmtp(foo@example.com)<7670><QTsrNZjdxmP2HQAAaVGrHw>: Info: sieve: Execution of script /var/dovecot/example.com/foo/foo.sieve
failed, but implicit keep was successful (user logfile /var/dovecot/example.com/foo/foo.sieve.log may reveal additional details)
sieve.log
error: msgid=<63fce409f26b1a67785a475a00034a05@mail.example.com>: redirect action: failed to
redirect message to <bar@example.com>: smtp(postfix.example.com:587): RCPT TO failed: 554 5.7.1 <bar@example.com>: Recipient address rejected: Access denied (permanent failure).
postfix log:
NOQUEUE: reject: RCPT from unknown[10.0.1.4]: 554 5.7.1 <bar@example.com>: Recipient address
rejected: Access denied; from=<baz@example.com> to=<bar@example.com>
redirect :copy action failed, its expected behavior, dovecot do not auth when sending email
via submisson_host.
If there is setting like
submission_host_master_user = master@example.com
submission_host_master_password = masterpass
to do authentication as master user in postfix who can send email as
any user...
От: dovecot <dovecot-bounces@dovecot.org> от имени dovecot@ptld.com <dovecot@ptld.com>
Отправлено: 17 января 2023 г. 18:25
Кому: dovecot@dovecot.org <dovecot@dovecot.org>
Тема: Re: submission_host auth
> When using dovecot container with sieve plugin there is no sendmail to use for sending email for sieve redirect action for example. We can use submission_host instead
https://doc.dovecot.org/settings/core/#core_setting-submission_host but there is no way to specify credentials for auth in remote MTA. Submission_relay_* settings e.g. submission_relay_master_user relate to dovecot submission service. Using something like
permit_mynetworks in remote MTA is not acceptable for security reasons.
>
> Is it possible to add authorization in the remote MTA using submission_host?
You start the auth service in dovecot, then tell the MTA to use it.
For example, if you use postfix this explains how:
https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/