> On 03/11/2020 12:31 Piotr Auksztulewicz <dcml at hasiok.net> wrote: > > > On Mon, Nov 02, 2020 at 09:33:08PM +0100, R. Diez wrote: > > OK, so I gather that the Submission Server cannot do that (yet). > > And probably would never do. It isn't its job description. > > Actually, it is just a convenience/workaround feature, which comes handy > only if your own MTA cannot handle dovecot's SASL authentication (must be > something real strange) or there are some integration/security/policy > issue perceived (but I cannot think of any, actually). In this case you > can set up dovecot's submission server, which uses dovecot's authentication > settings, so you have single source of authentication, and whitelist > dovecot IP address in your MTA so it accepts anything that dovecot's > submission server lets through. But I don't think it is a good idea > personally, it is more open to exploitation this way, unless the > address is 127.0.0.1, in which case you can simply set up SASL over > Unix sockets, which is as secure as your host server is. >Submission service is not only a proxy, it - provides authentication natively from Dovecot - provides features like BURL, and maybe in future outbound Sieve but it does require real MTA behind. -- Aki
Piotr Auksztulewicz
2020-Nov-03 11:03 UTC
Delivering locally through the Submission Server
On Tue, Nov 03, 2020 at 12:37:07PM +0200, Aki Tuomi wrote:> Submission service is not only a proxy, it > > - provides authentication natively from Dovecot > - provides features like BURL, and maybe in future outbound SieveI didn't know about BURL, thanks. Looks interesting. I am sometimes really annoyed by double upload when sending big files. I wonder if my mail clients support this... need to check. Maybe then I'll configure dovecot sumbission just for BURL sake. -- Piotr "Malgond" Auksztulewicz firstname at lastname.net