2 files changed, 23 insertions, 39 deletions

diff --git a/dovecot/dovecot.conf b/dovecot/dovecot.conf
index 19f5ebd..b1e3f9b 100644
--- a/dovecot/dovecot.conf
+++ b/dovecot/dovecot.conf
@@ -30,6 +30,14 @@ userdb {
     args = /etc/userconfig/passwd
 }
 
+# Provide user authentication service to postfix submission sessions
+service auth {
+    unix_listener /var/spool/postfix/private/auth {
+        user = postfix
+        group = postfix
+        mode = 0660
+    }
+}
 
 # Location for users mailboxes
 #  %u - username
diff --git a/postfix/master.cf b/postfix/master.cf
index fd0d581..0105387 100644
--- a/postfix/master.cf
+++ b/postfix/master.cf
@@ -10,46 +10,22 @@
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
 smtp      inet  n       -       y       -       -       smtpd
-#smtp      inet  n       -       y       -       1       postscreen
-#smtpd     pass  -       -       y       -       -       smtpd
-#dnsblog   unix  -       -       y       -       0       dnsblog
-#tlsproxy  unix  -       -       y       -       0       tlsproxy
-# Choose one: enable submission for loopback clients only, or for any client.
-#127.0.0.1:submission inet n -   y       -       -       smtpd
-#submission inet n       -       y       -       -       smtpd
-#  -o syslog_name=postfix/submission
-#  -o smtpd_tls_security_level=encrypt
-#  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_tls_auth_only=yes
-#  -o smtpd_reject_unlisted_recipient=no
-#     Instead of specifying complex smtpd_<xxx>_restrictions here,
-#     specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
-#     here, and specify mua_<xxx>_restrictions in main.cf (where
-#     "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
-#  -o smtpd_client_restrictions=
-#  -o smtpd_helo_restrictions=
+#smtp     inet  n       -       y       -       1       postscreen
+#smtpd    pass  -       -       y       -       -       smtpd
+#dnsblog  unix  -       -       y       -       0       dnsblog
+#tlsproxy unix  -       -       y       -       0       tlsproxy
+submissions inet n      -       y       -       -       smtpd
+  -o syslog_name=postfix/submissions
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_sasl_type=dovecot
+  -o smtpd_sasl_path=private/auth
+  -o smtpd_reject_unlisted_recipient=no
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 #  -o smtpd_sender_restrictions=
-#  -o smtpd_relay_restrictions=
-#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
-# Choose one: enable submissions for loopback clients only, or for any client.
-#127.0.0.1:submissions inet n  -       y       -       -       smtpd
-#submissions     inet  n       -       y       -       -       smtpd
-#  -o syslog_name=postfix/submissions
-#  -o smtpd_tls_wrappermode=yes
-#  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_reject_unlisted_recipient=no
-#     Instead of specifying complex smtpd_<xxx>_restrictions here,
-#     specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
-#     here, and specify mua_<xxx>_restrictions in main.cf (where
-#     "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
-#  -o smtpd_client_restrictions=
-#  -o smtpd_helo_restrictions=
-#  -o smtpd_sender_restrictions=
-#  -o smtpd_relay_restrictions=
-#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
-#628       inet  n       -       y       -       -       qmqpd
+  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
+#628      inet  n       -       y       -       -       qmqpd
 pickup    unix  n       -       y       60      1       pickup
 cleanup   unix  n       -       y       -       0       cleanup
 qmgr      unix  n       -       n       300     1       qmgr