Eventually I will remove SASL from port 25. But since port 25 can use SASL 
authentication, the reliability of the service should be ensured. Once Dovecot 
SASL terminates unexpectedly, it will cause a complete strike of smtpd on port 
25. No connection will be responded to. I think the high coupling between 
Postfix and Dovecot is not good.

I wrote a port monitoring program in Python to print out the SASL communication 
between Postfix and Dovecot. After a telnet to port 25, Postfix will send its 
version information and CPID number to Dovecot. Dovecot will reply with its own 
version information, authentication methods, etc.; for example:

Postfix: VERSION 1 0
CPID 6745
Dovecot: VERSION 1 2
MECH PLAIN plaintext
MECH LOGIN plaintext
MECH CRAM-MD5 dictionary active
SPID 1388
CUID 1
COOKIE 84f113e107157a2eb4bde0fa6870b95b
DONE

If Dovecot terminates unexpectedly, then on a telnet to port 25 even the basic 
220 cannot be returned. It means that the Postfix service is also stopped, 
although the related processes of Postfix are still running.

What I want to express is to enhance the robustness of Postfix. For example, 
add a default configuration, which can be more secure. In this way, even if 
Dovecot fails, it still does not affect other transactions that do not require 
authentication to process, for example receiving emails delivered by other 
servers, or relaying allowed emails according to rules. After the administrator 
finds that the authentication on port 25 fails, he will check the status of 
Dovecot. During this period, no letters will be lost or rejected altogether.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
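
Added example, not part of the original message and not Postfix or Dovecot code: a monitoring check that parses the Dovecot side of the handshake quoted above and reports an unhealthy auth service, so the failure described in the message is detected before connections on port 25 stall. The function names are hypothetical, the socket path is deployment-specific and supplied by the caller, and the parser assumes fields are separated by tabs or spaces.

```python
import os
import socket

# Constructed sample: the Dovecot reply quoted in the message above.
SAMPLE = (
    "VERSION 1 2\nMECH PLAIN plaintext\nMECH LOGIN plaintext\n"
    "MECH CRAM-MD5 dictionary active\nSPID 1388\nCUID 1\n"
    "COOKIE 84f113e107157a2eb4bde0fa6870b95b\nDONE\n"
)

def parse_handshake(text):
    """Parse the server handshake into version, mechanisms (with flags), done."""
    info = {"version": None, "mechs": {}, "done": False}
    for line in text.splitlines():
        fields = line.split()  # accepts tab- or space-separated fields
        if fields[:1] == ["VERSION"] and len(fields) >= 3:
            info["version"] = (int(fields[1]), int(fields[2]))
        elif fields[:1] == ["MECH"] and len(fields) >= 2:
            info["mechs"][fields[1]] = set(fields[2:])
        elif fields[:1] == ["DONE"]:
            info["done"] = True
    return info

def assess(info, client_major=1):
    """Return (healthy, reason) for a parsed handshake."""
    if not info["done"]:
        return False, "handshake incomplete (no DONE)"
    if info["version"] is None or info["version"][0] != client_major:
        return False, "incompatible protocol version"
    if not info["mechs"]:
        return False, "no mechanisms offered"
    return True, "ok"

def probe(path, timeout=3.0):
    """Connect to the auth socket at `path`, send the client handshake, assess."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)  # never hang the monitor if Dovecot is stuck
            s.connect(path)
            s.sendall(b"VERSION\t1\t0\nCPID\t%d\n" % os.getpid())
            buf = b""
            while b"DONE\n" not in buf and len(buf) < 65536:
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
    except OSError as exc:  # missing socket, refused connection, timeout
        return False, "auth socket error: %s" % exc
    return assess(parse_handshake(buf.decode("ascii", "replace")))
```
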