Let's say we have dovecot + sieve plugin container.
Dovecot configured to use remote SMTP submission host to send messages:
submission_host = postfix.example.com:587
I reviewed my config to see how i did it. I think you are right and SASL isn't
used here. I have dovecot and postfix on the same machine and in dovecot i set
submission_host = localhost:25
Then in my sieve filters i set
sieve_redirect_envelope_from = sender
I use SPF, DKIM, and DMARC
To test this i have (fictitious) [email protected] with a forward filter to
[email protected]
I sent an email from [email protected] to [email protected]
@work.com server then sends a forwarded email to [email protected] with
To:[email protected] and From:[email protected]
Checking the @home.com logs i can see that SPF failed because @work.com server
sent an email from @random.com, however it had valid DKIM signatures from both
@work.com and @random.com so DMARC passed and the email was accepted.
I guess if the @random.com mail server only implemented SPF and not included a
DKIM signature and DMARC policy then the @home.com server would have rejected
the forwarded email.
I know this might not be the best solution you are looking for, but it is the best i
could figure out to allow sieve forwarding. There is no way for a forwarded email to SASL
authenticate because no one is logged in or involved in the process of LMTP receiving
mail for delivery from "the world". How is the MTA supposed to know the SASL
password for [email protected]?
