2.2.15: SMTP submission server?

Brad Smith brad at comstyle.com
Mon Nov 17 02:18:57 UTC 2014


On 11/16/14 02:24, Robert Schetterer wrote:
> On 16.11.2014 at 02:24, Reindl Harald wrote:
>> to make it short
>>
>> * dovecot is no MTA submission server
>
> submission server in dovecot is on its way (my last info)
>
>> * if you find a security issue in postfix running
>>    on 587 over TLS cry out loud
>> * dovecot offers a SASL provider for postfix submission
>
> yeah
>
>>
>> that's it and if you think that combination is not secure enough pull
>> the network cables
>>
>> On 16.11.2014 at 00:03, Ron Leach wrote:
>>> List, we're migrating to 2.2 from a 1.x version.  There has been mention
>>> from time to time of a dovecot SMTP submission server.  Last I saw was
>>> Timo suggesting this would be a 2.3 feature, but that there was already
>>> a 'basic' capability in 2.2 that, more or less, merely provided a
>>> secured/authorised SMTP submission.  I haven't found anything about this
>>> in the wiki, but the feature is of interest to us.  I would like to
>>> *not* have our MTA capable of being exploited as a relay (it isn't, at
>>> the moment) whereas users are logging into our dovecot from offsite
>>> using imaps with passwords.  While moving to 2.2, I'd like to try to use
>>> a secure SMTP submission *separate* from the MTA so that that software,
>>> with whatever vulnerabilities or weaknesses it might have, remained
>>> locked down and could not relay, if at all possible.
>>>
>>> (Imaps with passwords means the login details are not transmitted in
>>> cleartext and, so, leak no security to an observer of the communications
>>> channel.  Doubtless there are other weaknesses somewhere but, at least,
>>> when using hotel wifi, for example, there is little chance of revealing
>>> login details to a packet sniffer.  It won't be perfect, there are
>>> probably other vulnerabilities, not least in the underlying OSs at each
>>> end, but the connection - which is a serious vulnerability in many
>>> places - will be as good as is practical to make it.)
>>>
>>> So, is there some kind of SMTP submission service for a logged in
>>> dovecot user, and how would a client make use of that?  Is it possible
>>> to set up 2.2.15 for this?  And, crucially, would the connections between
>>> the client (e.g. at a hotel in some unreliable location) be encrypted
>>> right from the start, not using STARTTLS, as is the case in imaps?  And,
>>> just to be really demanding, could we configure its use on a
>>> non-standard port?
>>
>
> I don't see your point...

There isn't.
