Im looking for the same behavior as postfix reject_sender_login_mismatch, however i want dovecot to handle this.
Starting since version 2.3 Dovecot offers a submission SMTP:587 server. I like this and it makes more logic to me, dovecot is already handling imap/pop3 services so why shouldn't you be able to send emails with the same service.
This must not be widely used because i can not find any information other than the very light documentation at the link above. Everything i find online explains how to have postfix talk to dovecot through "private/auth" to get user authentication to match against the From: address.
This is bonkers to me. Why bother having dovecot listen on port 587 if it has to send the email to postfix, for postfix to turn around and connect back to dovecot to get auth info to decide if the email matches? Dovecot should decide this before sending the email to postfix since it already has the connection, the user authentication, and list of valid emails.
Im running (CentOS8) dovecot 2.3.8 and postfix 3.3.1 with both talking to sql for user account info. Postfix is only listening on port 25 for incoming mail and dovecot is handling all things imap on ports 143, 993 and 587.
Does anyone know how to do this in dovecot or can point me in the right direction?
As said in the Dovecot Submission Server documentation:
It does not have any of the advanced features Postfix has, nor even the capability to deliver the message on its own. It is merely a proxy that still requires a fully featured MTA, like Postfix.
Submission is not IMAP, but SMTP. Therefore, it is only natural that an SMTP server handles it. Just like with us humans, it is good to specialise on something, do it as good as possible, and ask help for other things. For the same reason, Postfix does not try and implement SASL authentication on its own:
TL;DR: It is not currently possible and might never be. Just use the Postfix for submission like everybody else.