On 21/08/20 7:15 pm, @lbutlr wrote: > On 21 Aug 2020, at 01:05, Richard Hector <rich...@walnut.gen.nz> wrote: >> Is that a standard interface? ie can a client like postfix talk to >> either dovecot or cyrus without knowing the difference? > > Yes. Postfix does not care, though I find it is easier to setup and more > reliable to use dovecot (I've used both, YMMV).
Thanks - is there documentation of this protocol somewhere? Though having just now had another look at the Postfix SASL_README, it appears it needs support for each compiled in, suggesting there are differences? >> Are there others? > > Those are the only two I have used. If there are others I've not seen them > mentioned on the postfix list that I can recall. Postfix, AFAICS, only supports the two - but I've seen references for IRC servers talking to an irc services server called anope, which provides SASL somehow? >> Is there a good reference to this somewhere, short of reading the RFCs? > > The best bet is > > 1) get a real cert. > 2) copy and existing configuration I'm not following - I'm not sure we're on the same page :-( I already have Postfix (with a Letsencrypt cert) using Dovecot SASL (Dovecot also uses the same cert) Or are you talking about some other kind of cert? And are you talking about the Postfix and/or Dovecot config? >> And is there any option (current or proposed) to let dovecot act as a >> client, rather than a server? > > A client for…? A SASL client - so eg Dovecot and Postfix could both talk to the same Cyrus (or other - even another Dovecot) SASL server. One reason might be to use password hash algorithms that Dovecot doesn't know about. Cheers, Richard