<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/xhtml; charset=utf-8">
</head>
<body>
<div style="font-family:sans-serif"><div style="white-space:normal">
<p dir="auto">Definitely possible - just not sure of the desired use case for this. But given the devs did it, there just be some demand…</p>
<p dir="auto"><a href="https://doc.dovecot.org/admin_manual/submission_server/" style="color:#3983C4">https://doc.dovecot.org/admin_manual/submission_server/</a></p>
<hr style="background:#333; background-image:linear-gradient(to right, #ccc, #333, #ccc); border:0; height:1px" height="1">
<p dir="auto">On 28 Jul 2021, at 11:18, John Stoffel wrote:</p>
<blockquote style="border-left:2px solid #777; color:#777; margin:0 0 5px; padding-left:5px">
<blockquote style="border-left:2px solid #777; color:#999; margin:0 0 5px; padding-left:5px; border-left-color:#999">
<blockquote style="border-left:2px solid #777; color:#BBB; margin:0 0 5px; padding-left:5px; border-left-color:#BBB">
<blockquote style="border-left:2px solid #777; color:#BBB; margin:0 0 5px; padding-left:5px; border-left-color:#BBB">
<blockquote style="border-left:2px solid #777; color:#BBB; margin:0 0 5px; padding-left:5px; border-left-color:#BBB">
<blockquote style="border-left:2px solid #777; color:#BBB; margin:0 0 5px; padding-left:5px; border-left-color:#BBB">
<p dir="auto">"Dan" == Dan Conway <a href="mailto:darkc0de@archnix6.net" style="color:#BBB">darkc0de@archnix6.net</a> writes:</p>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<p dir="auto">Are you sure? I know that postfix can use the same backend database<br>
for authentication as dovecot, and dovecot can be the master, but dovecot<br>
does NOT listen on port 25 or 587 at all, those are all just used by<br>
Postfix.</p>
<p dir="auto">Dan> Yes Dovecot will proxy the connection to the real MTA. My<br>
Dan> question is why authentication is always required on Dovecot when<br>
Dan> submission is used, as MTAs usually have an option to allow<br>
Dan> non-authenticated relaying.</p>
<p dir="auto">Dan> On 7/28/21 10:19 AM, justina colmena ~biz wrote:</p>
<p dir="auto">Dan> I am quite curious about the circumstances of this question. I was not aware that Dovecot<br>
Dan> actually offered mail submission service. If Dovecot does offer such a service, then it will<br>
Dan> have to relay the submitted mail to the real MTA, which is very likely not Dovecot. At the<br>
Dan> moment I have Postfix set up as MTA for that purpose —</p>
<p dir="auto">Dan> Relaying on port 25 is usually quick and easy to whitelist for certain permitted hosts, but<br>
Dan> otherwise port 587, optionally with STARTTLS, and/or port 465 with SSL/TLS is generally set up<br>
Dan> for user authenticated mail submissions.</p>
<p dir="auto">Dan> See also:<br>
Dan> <a href="https://www.mailgun.com/blog/which-smtp-port-understanding-ports-25-465-587/" style="color:#777">https://www.mailgun.com/blog/which-smtp-port-understanding-ports-25-465-587/</a></p>
<p dir="auto">Dan> On July 28, 2021 6:10:28 AM AKDT, Dan Conway <a href="mailto:darkc0de@archnix6.net" style="color:#777">darkc0de@archnix6.net</a> wrote:</p>
<p dir="auto">Dan> Hello,</p>
<p dir="auto">Dan> Is it possible to disable the requirement for authentication on the<br>
Dan> submission service? I'm trying to require authentication for all, except<br>
Dan> for a handful of IP addresses.</p>
<p dir="auto">Dan> Thank you.</p>
<p dir="auto">Dan> ehlo test.com<br>
Dan> 250-aaa<br>
Dan> 250-AUTH PLAIN LOGIN<br>
Dan> 250-BURL imap<br>
Dan> 250-CHUNKING<br>
Dan> 250-DSN<br>
Dan> 250-ENHANCEDSTATUSCODES<br>
Dan> 250-SIZE<br>
Dan> 250 PIPELINING<br>
Dan> MAIL FROM:<a href="mailto:test@test.com" style="color:#777">test@test.com</a><br>
Dan> 530 5.7.0 Authentication required.</p>
<p dir="auto">Dan> --<br>
Dan> Sent from my Android device with K-9 Mail. Please excuse my brevity.</p>
</blockquote>
</div>
</div>
</body>
</html>