diff options
author | 2024-08-22 23:09:03 +0100 | |
---|---|---|
committer | 2024-08-23 16:52:19 +0100 | |
commit | 2f5885c0fb6d7172cad8bcc7c0a21d2373b01801 (patch) | |
tree | e76a1b3ebc078cc2de440baa63f7ffe9b6704ac1 /docs | |
parent | Explicitly set mailbox uid for doveadm (diff) |
Update Postfix documentation with Dovecot
Diffstat (limited to 'docs')
-rw-r--r-- | docs/docs/services/email/components/postfix.md | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/docs/docs/services/email/components/postfix.md b/docs/docs/services/email/components/postfix.md index 1dbc852..15b9960 100644 --- a/docs/docs/services/email/components/postfix.md +++ b/docs/docs/services/email/components/postfix.md @@ -7,7 +7,7 @@ This document describes the Postfix setup for Python Discord. We use Postfix for sending and receiving mail in the following ways: -- Mail destined for mailboxes is delivered to the Unix mailboxes on the host +- Mail destined for mailboxes is passed to Dovecot for local delivery - Mail destined for users with forwarding preferences set in LDAP is forwarded to the external mail gateways - Mail from services is sent to the external mail gateways for delivery @@ -30,10 +30,12 @@ flowchart TD D1[Deliver Mail] D2[Reject Mail - Unknown Recipient] D3[Reject Mail - Validation Failed] + D4[Pass to Dovecot] style D1 fill:#5d945a style D2 fill:#94635a style D3 fill:#94635a + style D4 fill:#5d945a M--->V1 @@ -41,11 +43,11 @@ flowchart TD V1--Validation Failed-->D3 A1--Yes, forward to external gateway-->D1 A1--No -->A2 - A2--Yes, deliver to local UNIX mailbox -->D1 + A2--Yes, pass to Dovecot for delivery-->D4 A2--No -->A3 A3--Yes, expand users and apply delivery rules -->M A3--No -->A4 - A4--Yes, deliver to service UNIX mailbox -->D1 + A4--Yes, pass to Dovecot for delivery -->D4 A4--No -->A5 A5--Yes, expand alias and apply delivery rules -->M A5--No, no further matching rules, reject mail-->D2 @@ -53,15 +55,10 @@ flowchart TD ## SASL Authentication -Service accounts are able to send mail through Postfix by authenticating with -SASL. SASL is a method of authenticating with a mail server using a username and -password. +Users authenticate via Postfix using SASL. We hand off to Dovecot to perform the +SASL authentication against the LDAP database. -We configure `saslauthd` to authenticate using LDAP against FreeIPA. This allows -service accounts to authenticate with Postfix using their LDAP credentials. - -Using filters in `saslauthd`, we restrict the ability to authenticate to only -accounts ending in `@int.pydis.wtf`. +SASL is available on either of the 465 or 587 SMTP ports. ## Maintenance |