2.2.15: SMTP submission server?

Robert Schetterer rs at sys4.de
Sun Nov 16 07:24:42 UTC 2014


On 16.11.2014 at 02:24, Reindl Harald wrote:
> to make it short
> 
> * dovecot is no MTA submission server

Submission server in dovecot is on its way (my last info)

> * if you find a security issue in postfix running
>   on 587 over TLS cry out loud
> * dovecot offers a SASL provider for postfix submission

yeah

> 
> that's it and if you think that combination is not secure enough pull
> the network cables
> 
> On 16.11.2014 at 00:03, Ron Leach wrote:
>> List, we're migrating to 2.2 from a 1.x version.  There has been mention
>> from time to time of a dovecot SMTP submission server.  Last I saw was
>> Timo suggesting this would be a 2.3 feature, but that there was already
>> a 'basic' capability in 2.2 that, more or less, merely provided a
>> secured/authorised SMTP submission.  I haven't found anything about this
>> in the wiki, but the feature is of interest to us.  I would like to
>> *not* have our MTA capable of being exploited as a relay (it isn't, at
>> the moment) whereas users are logging into our dovecot from offsite
>> using imaps with passwords.  While moving to 2.2, I'd like to try to use
>> a secure SMTP submission *separate* from the MTA so that that software,
>> with whatever vulnerabilities or weaknesses it might have, remained
>> locked down and could not relay, if at all possible.
>>
>> (Imaps with passwords means the login details are not transmitted in
>> cleartext and, so, leak no security to an observer of the communications
>> channel.  Doubtless there are other weaknesses somewhere but, at least,
>> when using hotel wifi, for example, there is little chance of revealing
>> login details to a packet sniffer.  It won't be perfect, there are
>> probably other vulnerabilities, not least in the underlying OSs at each
>> end, but the connection - which is a serious vulnerability in many
>> places - will be as good as is practical to make it.)
>>
>> So, is there some kind of SMTP submission service for a logged in
>> dovecot user, and how would a client make use of that?  Is it possible
>> to set up 2.2.15 for this?  And, crucially, would the connections between
>> the client (e.g. at a hotel in some unreliable location) be encrypted
>> right from the start, not using STARTTLS, as is the case in imaps?  And,
>> just to be really demanding, could we configure its use on a
>> non-standard port?
> 

I don't see your point...


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
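
The combination named in the thread above (Postfix as the submission server, Dovecot as its SASL provider), shown as an added configuration example that is not part of the original messages. The port 10465, the file locations and the default Postfix queue directory /var/spool/postfix are assumptions, and a TLS certificate is assumed to be configured in main.cf already.

```conf
# --- Postfix: /etc/postfix/master.cf (assumed location) ---
# Dedicated submission listener. 10465 is a constructed non-standard port;
# write "submission" instead to listen on 587.
10465     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
# Implicit TLS: the handshake happens before any SMTP command,
# so there is no cleartext phase and no STARTTLS step to strip.
  -o smtpd_tls_wrappermode=yes
# Authenticate against Dovecot's auth socket
# (path is relative to the Postfix queue directory).
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
# Only authenticated clients may use this listener at all, and only
# they may relay. smtpd_relay_restrictions needs Postfix 2.10 or later.
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

# --- Dovecot: conf.d/10-master.conf (assumed location) ---
# Expose the auth service on a UNIX socket inside the Postfix queue
# directory, readable only by the postfix user and group.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

# --- Dovecot: conf.d/10-auth.conf (assumed location) ---
# PLAIN and LOGIN are acceptable here because the listener above
# only ever speaks SMTP inside an established TLS session.
auth_mechanisms = plain login
```

The port 25 listener stays untouched by this, so its relay policy for unauthenticated senders remains whatever main.cf already enforces.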

