On 11/04/2012 04:09 PM, Roman Gelfand wrote:
> Consider the following config...
> postfixF - mail gateway
> postfixB - backend mail server
> The mail client agents are pointing to postfixB for outbound email.
That sounds backwards. Since the former machine is your mail gateway,
surely that handles all outgoing mail.
In case you really meant that it is your MX, there is no reason not to
use it for both.
> Both postfixF and postfixB are authenticating users using saslauthd
> service. In postfixB's main.cf relayhost postfixF. Assuming the same
> user/password exists on both servers, is it possible to specify in
> postfixB's main.cf/master.cf just the user name with which to connect
> to postfixF?
No, that doesn't make sense.
SASL authentication (whether for relaying or anything else) happens on
the machine you are authenticating against.
So it doesn't matter if the SASL user exists on the sending machine; it
has to exist on the receiving relayhost.
Your setup sounds sub-optimal, since these functions can (and most likely
should) be combined to offer a robust and simple interface.
I would suggest using a single authentication service to both send and
read mail, since SASL is easily scaled over multiple machines.
This saves you from duplicating the user database, and all possible user
errors that may ensue.
Since this authentication service will be used on the mailbox store to
validate IMAP users, it makes most sense to run it from there,
especially since Dovecot can do both IMAP and SASL exceedingly well.
Furthermore, it is debatable whether postfix is even needed on a backend
mail store (unless it has to do a lot of routing or manipulation), since
postfix is an MTA, not a mail store.
--
J.
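
Added example, not part of the original message: a configuration sketch of the relay arrangement discussed above, with postfixB authenticating to postfixF as a SASL client and postfixF validating the credential against a Dovecot auth service on the mailbox store. The host names, port numbers, account name and password are constructed placeholders, and the three sections belong to separate files as marked.

```ini
# --- postfixB: /etc/postfix/main.cf (SASL client towards the relayhost) ---
relayhost = [postfixF.example.com]:587
smtp_sasl_auth_enable = yes
# Lookup table holding the credential postfixB presents to postfixF.
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Refuse anonymous mechanisms and require TLS, so the password is never
# sent over an unencrypted connection.
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt

# --- postfixB: /etc/postfix/sasl_passwd (chmod 600, then run postmap) ---
# The key must match the relayhost value exactly. Both user name and
# password are required; the account only has to exist where postfixF
# validates it, not on postfixB.
[postfixF.example.com]:587    relayuser:CHANGE_ME

# --- postfixF: /etc/postfix/main.cf (SASL server, backed by Dovecot) ---
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
# Dovecot auth listener on the mailbox store (placeholder host and port).
# This TCP channel is not encrypted, so keep it on a trusted network.
smtpd_sasl_path = inet:mailstore.example.com:12345
# Only offer AUTH after STARTTLS.
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
```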