On 21/08/20 7:15 pm, @lbutlr wrote:> On 21 Aug 2020, at 01:05, Richard Hector <richard at walnut.gen.nz>
wrote:
>> Is that a standard interface? ie can a client like postfix talk to
>> either dovecot or cyrus without knowing the difference?
>
> Yes. Postfix does not care, though I find it is easier to setup and more
reliable to use dovecot (I've used both, YMMV).
Thanks - is there documentation of this protocol somewhere?
Though having just now had another look at the Postfix SASL_README, it
appears it needs support for each compiled in, suggesting there are
differences?
>> Are there others?
>
> Those are the only two I have used. If there are others I've not seen
them mentioned on the postfix list that I can recall.
Postfix, AFAICS, only supports the two - but I've seen references for
IRC servers talking to an irc services server called anope, which
provides SASL somehow?
>> Is there a good reference to this somewhere, short of reading the RFCs?
>
> The best bet is
>
> 1) get a real cert.
> 2) copy and existing configuration
I'm not following - I'm not sure we're on the same page :-(
I already have Postfix (with a Letsencrypt cert) using Dovecot SASL
(Dovecot also uses the same cert)
Or are you talking about some other kind of cert? And are you talking
about the Postfix and/or Dovecot config?
>> And is there any option (current or proposed) to let dovecot act as a
>> client, rather than a server?
>
> A client for??
A SASL client - so eg Dovecot and Postfix could both talk to the same
Cyrus (or other - even another Dovecot) SASL server. One reason might be
to use password hash algorithms that Dovecot doesn't know about.
Cheers,
Richard