Is it possible to implement 2FA for postfix? So when you login from a new device you must enter a code from an app like Google or MS authenticator? I'm looking for this but I only find outdated info or unanswered questions
ISPConfig uses the classic combination of Postfix + Dovecot (with MySQL as the user backend) where the authentification happens through Dovecot. So you'll likely want to look into Dovecot and the only thing that comes there to my mind is OAUTH2 for Dovecot or its user certificate authentification option.
