[Dovecot] The submission server
Hi,
Like many others, I'm looking forward to the submission server. But I have a question:
A use-case with authenticated SMTP is to have the server restrict From/Sender headers based on the authenticated user (and adding the actual authenticated user to the headers). Postfix supports this (AFAICS) and I can't imagine Exim doesn't either with its elaborate config possibilities.
But will that be possible with the Dovecot submission server?
/Peter
Hi,
On 2/17/2014 7:51 PM, Peter Mogensen wrote:
> Hi,
> Like many others, I'm looking forward to the submission server. But I have a question:
> A use-case with authenticated SMTP is to have the server restrict From/Sender headers based on the authenticated user (and adding the actual authenticated user to the headers). Postfix supports this (AFAICS) and I can't imagine Exim doesn't either with its elaborate config possibilities.
> But will that be possible with the Dovecot submission server?
The submission server is in its current design solely a proxy to a normal MTA (which will probably change somewhat when Dovecot gets its own MTA). So, if the backend MTA can perform this sender enforcement, you should have your solution already. One piece of the puzzle is important though: a method to convey the authenticated username to the backend. For Postfix this is already implemented through XCLIENT. I haven't looked whether Exim supports something like this.
Also, adding this feature to the submission server itself should not be difficult either. The main problem is that it needs to obtain a list of allowed addresses from a user database.
Regards,
Stephan.
On 2014-02-17 21:06, Stephan Bosch wrote:
> One piece of the puzzle is important though: a method to convey the authenticated username to the backend.
yeah... I figured that would be the crucial part.
Does the dovecot proxy send the authentication name, or the SASL authorization name?
/Peter
On 2/17/2014 9:42 PM, Peter Mogensen wrote:
> On 2014-02-17 21:06, Stephan Bosch wrote:
>> One piece of the puzzle is important though: a method to convey the authenticated username to the backend.
> yeah... I figured that would be the crucial part.
> Does the dovecot proxy send the authentication name, or the SASL authorization name?
Actually, XCLIENT support is implemented, but it turns out I haven't enabled sending LOGIN= yet. :)
It will send the authorization name; i.e. the name of the user whose account is being accessed and not the name of e.g. a master user when that was used for authentication.
Regards,
Stephan.
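
The sender enforcement discussed in this thread, as an added example (not Dovecot or Postfix code, and not written by either participant): the check is keyed on the authorization name, the value the thread says LOGIN= would carry, and looks up that user's allowed addresses. The address table, the `X-Authenticated-User` header name, the function name and the rule that every From address must be owned are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed stand-in for the user database: authorization name -> allowed addresses.
ALLOWED_SENDERS = {
    "peter": {"peter@example.org", "sales@example.org"},
    "stephan": {"stephan@example.org"},
}
AUTH_HEADER = "X-Authenticated-User"  # hypothetical header name

# Constructed sample: the client tries to pre-set the authenticated-user header.
SAMPLE = (
    "From: Peter <peter@example.org>\r\n"
    "X-Authenticated-User: root\r\n"
    "Subject: test\r\n\r\nbody\r\n"
)


def _addrs(msg, header):
    """Lower-cased addresses found in every occurrence of a header."""
    return [a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a]


def enforce_sender(authz_user, mail_from, raw_message, allowed=ALLOWED_SENDERS):
    """Return (ok, reason, message); on success the message carries AUTH_HEADER."""
    permitted = {a.lower() for a in allowed.get(authz_user, ())}
    if not permitted:
        return False, "no sender addresses registered for user", None
    if mail_from.lower() not in permitted:
        return False, f"envelope sender {mail_from} not owned by {authz_user}", None

    msg = message_from_string(raw_message)
    from_addrs, sender_addrs = _addrs(msg, "From"), _addrs(msg, "Sender")
    if not from_addrs:
        return False, "missing From header", None
    # RFC 5322: several From mailboxes require exactly one Sender.
    if len(from_addrs) > 1 and len(sender_addrs) != 1:
        return False, "multiple From addresses without a single Sender", None
    for header, addrs in (("From", from_addrs), ("Sender", sender_addrs)):
        for addr in addrs:
            if addr not in permitted:
                return False, f"{header} address {addr} not owned by {authz_user}", None

    # Drop any client-supplied copy so the header cannot be forged.
    del msg[AUTH_HEADER]
    msg[AUTH_HEADER] = authz_user
    return True, "ok", msg.as_string()
```

With master-user logins, passing the authentication name instead of the authorization name would apply the master user's address list rather than the account owner's.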
participants (2): Peter Mogensen, Stephan Bosch