Tobias Florek:
> Hi!
>
> I deployed postfix with dovecot SASL using XOAuth2 successfully but need
> application specific passwords for legacy clients (like any IMAP-Client
> that is not roundcube).
>
> I implemented them within dovecot with a separate password database that
> uses extra-users like <uid>+<app-device-identifier>@example.com. This
> user gets mapped to <uid>@example.com within dovecot.
>
> This works fine, also from the postfix side, apart from
> smtpd_sender_login_maps.
>
> This lookup table looks for the sender address and returns the SASL
> username that is allowed to send mail with that address. I could (with
> much additional complexity) generate all the app-specific uids and
> return these, but I prefer keeping it simple.

Could you use a regexp: or pcre: table?

https://www.postfix.org/pcre_table.5.html
https://pcre.org/current/doc/html/pcre2syntax.html

Woets

> I can also envision to use the dovecot submission server (a MSA)
> proxying to postfix. Unfortunately it does not yet support equivalent
> support for sender_login_maps and I could not get postfix to apply
> smtpd_sender_login_maps to work for the dovecot msa sending on behalf of
> its authenticated users (using XCLIENT).
>
> I also don't know whether dovecot's relaying is happening too late: the
> mail gets accepted and the users get a rejection mail later. I'll have
> to check with the users whether that would be acceptable.
>
>
> If anyone has very different ideas on how to implement these features, I
> am all ears.
>
> Cheers,
> Tobias Florek
>
