To be fair on this: The main driver behind this is security and having front end systems in a DMZ with only minimal (if any) access to the back end servers. Of course saslauthd will need SOME access to the remote (back-end) IMAP (one IP port?). But this can also be accomplished by having the front end Postfix authenticate on the Dovecot back-end by setting it up to talk to the auth process via an ip-listener ALSO on just one IP port. Does this make sense? AM I missing something?
Andreas
On 17-12-2013 14:48, Andreas Kasenides wrote:
Can somebody please verify that currently (v 2.2.9) SMTP AUTH using SASL from Postfix with Dovecot proxy is still not supported as discussed in these threads (especially the first one)?
http://www.dovecot.org/list/dovecot/2012-August/067977.html http://www.dovecot.org/list/dovecot/2011-May/059107.html
As I understand it is possible to use saslauthd to do this by using the remote imap option (rimap). Such a facility is important since I am attempting to separate the outward facing servers (dovecot proxy, postfix relay) that have no knowledge of user databases from the backends.
thanx Andreas