Thank you for pointing out that I did not explain the contents of the submit.cred file well enough. This file contains a single username and password per IMAP server which postfix uses to authenticate to that IMAP server. Typically the username is "submit". It does NOT contain regular users' names and passwords. Here is an example:
submitcred version 1 server1.example.com|submit|password1 server2.example.com|submit|password2 server3.example.com|submit|password3 First field is host name. Second field is user name. Third field is the password for the user name in the second field. The "submit" user on each of those servers must be able to authenticate using the password shown above (third field) and authorize for any user. So when Postfix receives a BURL command with an IMAP URL for, say, f...@server2.example.com, Postfix logs into the IMAP server on server2.example.com with: authz=fred, authc=submit, pw=password2. Postfix does not know fred's password. > in any case a fixed password for the "submit" user that is authorized > to fetch messages for submission. With this the submission server > just needs a single submission user id and password per IMAP server, > not per IMAP user. This is the method it uses. Only, the IMAP server must permit the submit user to reach into any user's mail. > Which IMAP servers implement the non-standard X-PLAIN-SUBMIT, and which > (non-standard) document describes this protocol? The patch Apple contributed to Dovecot today adds support for X-PLAIN-SUBMIT to Dovecot. Patched Postfix can also use PLAIN if available. > Given support for URLAUTH, why does the Postfix contribution not > leverage that? I don't understand this question. The contribution does leverage URLAUTH. BURL logs into the IMAP server specifically to issue an URLFETCH command. > Is anyone at Apple interested in > working on a project to gradualy (not everything at once) integrate > the apple features into the mainstream Postfix? I will ask.
