Hi!
I deployed postfix with dovecot SASL using XOAuth2 successfully but need
application-specific passwords for legacy clients (like any IMAP client
that is not roundcube).
I implemented them within dovecot with a separate password database that
uses extra users like <uid>+<app-device-identifier>@example.com. This
user gets mapped to <uid>@example.com within dovecot.
This works fine, also from the postfix side, apart from
smtpd_sender_login_maps.
This lookup table looks for the sender address and returns the SASL
username that is allowed to send mail with that address. I could (with
much additional complexity) generate all the app-specific uids and
return these, but I prefer keeping it simple.
I can also envision using the dovecot submission server (an MSA)
proxying to postfix. Unfortunately it does not yet offer equivalent
support for sender_login_maps, and I could not get postfix to apply
smtpd_sender_login_maps to mail the dovecot MSA sends on behalf of
its authenticated users (using XCLIENT).
I also don't know whether dovecot's relaying is happening too late: the
mail gets accepted and the users get a rejection mail later. I'll have
to check with the users whether that would be acceptable.
If anyone has very different ideas on how to implement these features, I
am all ears.
Cheers,
Tobias Florek
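As an added illustration (not code from the original post, from Postfix, or from Dovecot), the following Python models the check that Postfix's reject_sender_login_mismatch performs against smtpd_sender_login_maps, and shows why the <uid>+<app-device-identifier>@example.com login names break it unless the login name is first canonicalised to <uid>@example.com the way Dovecot does internally. The lookup table, the address pattern and the sample logins are constructed for this example; Postfix itself compares the SASL login name against the table's owners as a plain string, which is exactly the gap the post describes.

```python
import re

# Constructed sender_login_maps table: envelope sender -> SASL logins that
# may use it. (In Postfix this is a hash:/pcre: table, not a dict.)
SENDER_LOGIN_MAPS = {
    "alice@example.com": {"alice@example.com"},
    "sales@example.com": {"alice@example.com", "bob@example.com"},
}

# Assumed shape of the app-specific login: <uid>+<app-device-identifier>@<domain>
APP_LOGIN_RE = re.compile(r"^(?P<uid>[^+@]+)\+(?P<app>[^@]+)@(?P<domain>[^@]+)$")


def canonical_login(sasl_login):
    """Map <uid>+<app>@domain to <uid>@domain; other logins are only lowercased.

    This mirrors the user mapping the post performs inside Dovecot; Postfix
    does not do this step on its own.
    """
    m = APP_LOGIN_RE.match(sasl_login)
    if m:
        return f"{m['uid']}@{m['domain']}".lower()
    return sasl_login.lower()


def sender_login_mismatch(sender, sasl_login, table=SENDER_LOGIN_MAPS, canonicalize=True):
    """Simplified model of reject_sender_login_mismatch.

    Returns True when the request would be rejected:
      - the sender has listed owners but the client is not logged in, or
      - the client is logged in but the sender has no owner at all, or
      - the client is logged in as someone who is not among the owners.
    With canonicalize=False the comparison uses the raw login name, which is
    the behaviour that makes app-specific logins fail the check.
    """
    owners = table.get(sender.lower())
    if owners is None:
        # Unlisted sender: fine for anonymous clients, rejected for authenticated ones.
        return sasl_login is not None
    if sasl_login is None:
        return True
    login = canonical_login(sasl_login) if canonicalize else sasl_login.lower()
    return login not in {o.lower() for o in owners}


if __name__ == "__main__":
    cases = [
        ("alice@example.com", "alice+phone@example.com"),
        ("alice@example.com", "bob+laptop@example.com"),
        ("sales@example.com", "bob+imap1@example.com"),
        ("alice@example.com", None),
    ]
    for sender, login in cases:
        print(sender, login,
              "raw:", "REJECT" if sender_login_mismatch(sender, login, canonicalize=False) else "OK",
              "canonical:", "REJECT" if sender_login_mismatch(sender, login) else "OK")
```

Run stand-alone it prints the verdict for each constructed case with and without canonicalisation; the first case is the one from the post, accepted only once the app-specific suffix is stripped before the comparison.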