I am quite curious about the circumstances of this question. I was not aware that Dovecot actually offered mail submission service. If Dovecot does offer such a service, then it will have to relay the submitted mail to the real MTA, which is very likely not Dovecot. At the moment I have Postfix set up as MTA for that purpose ? Relaying on port 25 is usually quick and easy to whitelist for certain permitted hosts, but otherwise port 587, optionally with STARTTLS, and/or port 465 with SSL/TLS is generally set up for user authenticated mail submissions. See also: https://www.mailgun.com/blog/which-smtp-port-understanding-ports-25-465-587/ On July 28, 2021 6:10:28 AM AKDT, Dan Conway <darkc0de at archnix6.net> wrote:>Hello, > >Is it possible to disable the requirement for authentication on the >submission service? I'm trying to require authentication for all, >except >for a handful of IP addresses. > >Thank you. > > >ehlo test.com >250-aaa >250-AUTH PLAIN LOGIN >250-BURL imap >250-CHUNKING >250-DSN >250-ENHANCEDSTATUSCODES >250-SIZE >250 PIPELINING >MAIL FROM:<test at test.com> >530 5.7.0 Authentication required.-- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20210728/419770ad/attachment.html>
Yes Dovecot will proxy the connection to the real MTA. My question is why authentication is /always/ required on Dovecot when submission is used, as MTAs usually have an option to allow non-authenticated relaying. On 7/28/21 10:19 AM, justina colmena ~biz wrote:> I am quite curious about the circumstances of this question. I was not > aware that Dovecot actually offered mail submission service. If > Dovecot does offer such a service, then it will have to relay the > submitted mail to the real MTA, which is very likely not Dovecot. At > the moment I have Postfix set up as MTA for that purpose ? > > Relaying on port 25 is usually quick and easy to whitelist for certain > permitted hosts, but otherwise port 587, optionally with STARTTLS, > and/or port 465 with SSL/TLS is generally set up for user > authenticated mail submissions. > > See also: > https://www.mailgun.com/blog/which-smtp-port-understanding-ports-25-465-587/ > <https://www.mailgun.com/blog/which-smtp-port-understanding-ports-25-465-587/> > > > > On July 28, 2021 6:10:28 AM AKDT, Dan Conway <darkc0de at archnix6.net> > wrote: > > Hello, > > Is it possible to disable the requirement for authentication on the > submission service? I'm trying to require authentication for all, except > for a handful of IP addresses. > > Thank you. > > > ehlo test.com > 250-aaa > 250-AUTH PLAIN LOGIN > 250-BURL imap > 250-CHUNKING > 250-DSN > 250-ENHANCEDSTATUSCODES > 250-SIZE > 250 PIPELINING > MAIL FROM:<test at test.com> > 530 5.7.0 Authentication required. > > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity.-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20210728/6e6a919e/attachment.html>
On 2021-07-28 19:08, Dan Conway wrote:> Yes Dovecot will proxy the connection to the real MTA. My question is > why authentication is _always_ required on Dovecot when submission is > used, as MTAs usually have an option to allow non-authenticated > relaying.where is this dokumented ?, what mta support that teori ? dovecot still need auth for sending mails even its real mta sending to another mta, diffrent is that its mta that had that job of submissions, but it have never being a free ride in the park as it would make it a open relay dont do this ever