Hello Postfix community, Attached please find a patch that adds support to postfix-2.7.0 for RFC 4468 - Submission BURL.
BURL requires a pre-configured trust relationship between the submission
server and the IMAP server. This patch adds a new configuration file
normally named "submit.cred" that contains text entries each specifying
an IMAP server hostname, a submit username, and a password. The patched
submission server logs into the IMAP server using:
- the user in the URL given to the BURL command as the SASL PLAIN
authorization ID
- the username from the corresponding submit.cred entry as the SASL
PLAIN authentication ID
- the password from the corresponding submit.cred entry as the
password
The patched submission server logs into the IMAP server using either the
PLAIN or a non-standard X-PLAIN-SUBMIT authentication method.
X-PLAIN-SUBMIT specifically allows plain-text submit user logins while
plain-text regular user logins are not allowed. This lets the system
administrator configure the same submit user and password credentials on
both the submission server and the IMAP server. A secure connection is
required.
Today Apple also contributes BURL, CATENATE and URLAUTH support to the
Dovecot open source project. Postfix BURL interoperates with Dovecot
BURL/URLAUTH.
Please note that all of our changes are commented with "APPLE" not to
pollute the code but to help us merge in your new releases. Feel free
to remove those comments or restructure or rewrite the code as desired,
as long as you preserve our copyright. We understand that our
implementation choices may differ from yours; if you see a better way to
achieve the same goal please do adopt the better way. Some areas we are
aware could use improvement but satisfy our own needs:
- the hard-coded TLS parameters
- submit.cred does not match the format of other postfix config files
Please let me know if you have any questions, concerns, or bug reports
regarding this patch. Thanks.
postfix-2.7.0+burl.patch.gz
Description: GNU Zip compressed data
