But isn't Cyrus just the SASL implementation to Postfix SMTP?
There is also Dovecot SASL as I can understand (http://www.postfix.org/SASL_README.html
If I should *not* need to auth incoming smtp, should I then need SASL (Curys/Dovecot) at all?
Before bothering with smtp auth, I haven't really touched them...
The only reason I use mysql virtual users is that my php scripts shall be able to add/remove users who have permissions to send mails to the server.
I would like to have many different incoming mail addresses. One for each user/device. This is instead of having only smtp auth and one incoming mail address. If this one and only incoming mail address should get compromised, then one should have to change the mail address for all external users/devices. By having one address per user/device, this can not happen.
The incoming mails are put in /home/vmail/... folders and are then processed by php (php scans the folders every 5 second).
(I do also utilise the pam virtual framwork for vsftpd, same function, same reasons.)
But then, I needed also smtp auth because some users/devices required this (and it also will slow down some spam attempts).
And my problems really started...