OT: SASL questions

Richard Hector richard at walnut.gen.nz
Fri Aug 21 10:34:09 EEST 2020

On 21/08/20 7:15 pm, @lbutlr wrote:
> On 21 Aug 2020, at 01:05, Richard Hector <richard at walnut.gen.nz> wrote:
>> Is that a standard interface? ie can a client like postfix talk to
>> either dovecot or cyrus without knowing the difference?
> Yes. Postfix does not care, though I find it is easier to setup and more reliable to use dovecot (I've used both, YMMV).

Thanks - is there documentation of this protocol somewhere?
Though having just now had another look at the Postfix SASL_README, it
appears it needs support for each compiled in, suggesting there are

>> Are there others?
> Those are the only two I have used. If there are others I've not seen them mentioned on the postfix list that I can recall.

Postfix, AFAICS, only supports the two - but I've seen references for
IRC servers talking to an irc services server called anope, which
provides SASL somehow?

>> Is there a good reference to this somewhere, short of reading the RFCs?
> The best bet is
> 	1) get a real cert.
> 	2) copy and existing configuration

I'm not following - I'm not sure we're on the same page :-(
I already have Postfix (with a Letsencrypt cert) using Dovecot SASL
(Dovecot also uses the same cert)
Or are you talking about some other kind of cert? And are you talking
about the Postfix and/or Dovecot config?

>> And is there any option (current or proposed) to let dovecot act as a
>> client, rather than a server?
> A client for…?

A SASL client - so eg Dovecot and Postfix could both talk to the same
Cyrus (or other - even another Dovecot) SASL server. One reason might be
to use password hash algorithms that Dovecot doesn't know about.


More information about the dovecot mailing list