Is the user verified when sending an outgoing email? [oauth2] #3988
-
Please note that this response was created using generative AI, leveraging previously available information from the repository. This information may be helpful. However, it is our strong recommendation that you carefully consider the information before blindly applying it.

When OAuth2 is enabled on Docker Mailserver, Postfix can indeed use Dovecot for SASL authentication. In the Docker Mailserver setup, Postfix is typically configured to delegate SASL authentication to Dovecot. This setup allows Dovecot to handle the authentication of users via various mechanisms, including OAuth2, when properly configured.

To ensure that your server is not acting as an open relay, you should verify that your Postfix configuration is set to require authentication for sending emails. This is typically controlled by the

For detailed guidance on configuring OAuth2 with Dovecot and integrating it with Postfix for authentication, you can refer to the following resources:

These documents will provide you with the necessary steps to securely configure your mail server, ensuring that it is not an open relay and that it properly authenticates users via OAuth2 and Dovecot SASL.

This comment was generated by Glime.
-
This is from memory recall, so I may accidentally mix something up below, but I think it's roughly correct. OAuth2 credentials are your username and access token; these are received by Dovecot and verified against the auth service that provided the token to ensure it is valid. If that verification is successful, the credentials are trusted and the user is authenticated in DMS. The user / app provides credentials to DMS.
Dovecot itself you can configure with an app password of its own to interact with the auth provider. The current DMS config support is limited, but if you manually manage the related config files for Dovecot, there are a few different settings it supports (and some require credentials for permission/access to interact with different endpoints of the auth provider).
This shouldn't be a concern; our docs should raise attention to that when it's a possibility (but we may not always spot these, so it's best to double check when you deploy).
-
When a user sends an email to SMTP and OAuth2 is enabled on docker-mailserver, does Postfix verify the user with Dovecot SASL?
https://docker-mailserver.github.io/docker-mailserver/latest/config/advanced/auth-oauth2/
https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/
https://www.postfix.org/SASL_README.html#server_dovecot
Thanks in advance for your clarifications, I wouldn't want to have an open relay haha!
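Added example, not part of the discussion above and not docker-mailserver's own code: one way to do the double check suggested in the thread is to audit `postconf` output for the settings that keep a SASL-enabled Postfix from relaying unauthenticated mail. The parameter names are standard Postfix settings; the function names and both sample configurations are constructed for illustration, and per-service overrides in master.cf are not examined.

```python
import re

REJECT_RULES = {"reject_unauth_destination", "defer_unauth_destination"}

def parse_postconf(text):
    """Turn 'name = value' lines (postconf output) into a dict."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and not name.lstrip().startswith("#"):
            params[name.strip()] = value.strip()
    return params

def audit_relay(text):
    """Return a list of findings; an empty list means no issue was detected."""
    p = parse_postconf(text)
    findings = []
    # Postfix defaults: SASL disabled, SASL type "cyrus".
    if p.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("smtpd_sasl_auth_enable is not 'yes'")
    if p.get("smtpd_sasl_type", "cyrus") != "dovecot":
        findings.append("smtpd_sasl_type is not 'dovecot'")
    rules = [r for r in re.split(r"[,\s]+", p.get("smtpd_relay_restrictions", "")) if r]
    # Restrictions are evaluated left to right; the first match wins.
    cutoff = next((i for i, r in enumerate(rules) if r in REJECT_RULES), None)
    if cutoff is None:
        findings.append("no reject_unauth_destination in smtpd_relay_restrictions")
        cutoff = len(rules)
    before = rules[:cutoff]
    if "permit" in before:
        findings.append("blanket 'permit' precedes the relay rejection")
    nets = re.split(r"[,\s]+", p.get("mynetworks", ""))
    if "permit_mynetworks" in before and "0.0.0.0/0" in nets:
        findings.append("mynetworks trusts every IPv4 address")
    return findings

# Constructed sample inputs (not taken from a real deployment).
HARDENED = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
mynetworks = 127.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
"""
OPEN_RELAY = HARDENED.replace("127.0.0.0/8", "0.0.0.0/0")

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("open relay", OPEN_RELAY)):
        print(name, "->", audit_relay(cfg) or "no findings")
```

On a running container the input would come from `postconf` inside it; with OAuth2 in use, `permit_sasl_authenticated` only admits senders whose token Dovecot has already verified.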