Thanks for the reply, postfix + dovecot sasl configured and working properly. My
question is about "adding dovecot authentication when sending emails via
submission_host".
Let's say we have dovecot + sieve plugin container.
Dovecot configured to use remote SMTP submission host to send messages:
submission_host = postfix.example.com:587
User foo at example.com has the following sieve script:
require ["fileinto", "copy", "vacation",
"date", "relational"] ;
redirect :copy "bar at example.com";
keep;
baz at example.com sending email to foo at example.com
dovecot lmtp log:
lmtp(foo at example.com)<7670><QTsrNZjdxmP2HQAAaVGrHw>: Info: sieve:
msgid=<63fce409f26b1a67785a475a00034a05 at mail.example.com>: redirect
action: failed to redirect message to <bar at example.com>:
smtp(postfix.example.com:587): RCPT TO failed: 554 5.7.1 <bar at
example.com>: Recipient address rejected: Access denied (permanent failure)
lmtp(foo at example.com)<7670><QTsrNZjdxmP2HQAAaVGrHw>: Info: sieve:
msgid=<63fce409f26b1a67785a475a00034a05 at mail.example.com>: stored mail
into mailbox 'INBOX'
lmtp(foo at example.com)<7670><QTsrNZjdxmP2HQAAaVGrHw>: Info: sieve:
Execution of script /var/dovecot/example.com/foo/foo.sieve failed, but implicit
keep was successful (user logfile /var/dovecot/example.com/foo/foo.sieve.log may
reveal additional details)
sieve.log
error: msgid=<63fce409f26b1a67785a475a00034a05 at mail.example.com>:
redirect action: failed to redirect message to <bar at example.com>:
smtp(postfix.example.com:587): RCPT TO failed: 554 5.7.1 <bar at
example.com>: Recipient address rejected: Access denied (permanent failure).
postfix log:
NOQUEUE: reject: RCPT from unknown[10.0.1.4]: 554 5.7.1 <bar at
example.com>: Recipient address rejected: Access denied; from=<baz at
example.com> to=<bar at example.com>
redirect :copy action failed, its expected behavior, dovecot do not auth when
sending email via submisson_host.
If there is setting like
submission_host_master_user = master at example.com
submission_host_master_password = masterpass
to do authentication as master user in postfix who can send email as any user...
________________________________
??: dovecot <dovecot-bounces at dovecot.org> ?? ????? dovecot at ptld.com
<dovecot at ptld.com>
??????????: 17 ?????? 2023 ?. 18:25
????: dovecot at dovecot.org <dovecot at dovecot.org>
????: Re: submission_host auth
> When using dovecot container with sieve plugin there is no sendmail to use
for sending email for sieve redirect action for example. We can use
submission_host instead
https://doc.dovecot.org/settings/core/#core_setting-submission_host but there is
no way to specify credentials for auth in remote MTA. Submission_relay_*
settings e.g. submission_relay_master_user relate to dovecot submission service.
Using something like permit_mynetworks in remote MTA is not acceptable for
security reasons.
>
> Is it possible to add authorization in the remote MTA using
submission_host?
You start the auth service in dovecot, then tell the MTA to use it.
For example, if you use postfix this explains how:
https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20230117/69d09445/attachment.htm>