2.2.15: SMTP submission server?

Ron Leach ronleach at tesco.net
Sat Nov 15 23:03:47 UTC 2014

List, we're migrating to 2.2 from a 1.x version.  There has been 
mention from time to time of a dovecot SMTP submission server.  Last I 
saw was Timo suggesting this would be a 2.3 feature, but that there 
was already a 'basic' capability in 2.2 that, more or less, merely 
provided a secured/authorised SMTP submission.  I haven't found 
anything about this in the wiki, but the feature is of interest to us. 
  I would like to *not* have our MTA capable of being exploited as a 
relay (it isn't, at the moment) whereas users are logging into our 
dovecot from offsite using imaps with passwords.  While moving to 2.2, 
I'd like to try to use a secure SMTP submission *separate* from the 
MTA so that that software, with whatever vulnerabilities or weaknesses 
it might have, remained locked down and could not relay, if at all 

(Imaps with passwords means the login details are not transmitted in 
cleartext and, so, leak no security to an observer of the 
communications channel.  Doubtless there are other weaknesses 
somewhere but, at least, when using hotel wifi, for example, there is 
little chance of revealing login details to a packet sniffer.  It 
won't be perfect, there are probably other vulnerabilities, not least 
in the underlying OSs at each end, but the connection - which is a 
serious vulnerability in many places - will be as good as is practical 
to make it.)

So, is there some kind of SMTP submission service for a logged in 
dovecot user, and how would a client make use of that?  Is it possible 
to setup 2.2.15 for this?  And, crucially, would the connections 
between the client (eg at a hotel in some unreliable location) be 
encrypted right from the start, not using STARTTLS, as is the case in 
imaps?  And, just to be really demanding, could we configure its use 
on a non-standard port?

regards, Ron

More information about the dovecot mailing list