On 20.1.2012, at 0.30, Harm Weites wrote:

> we want to use dovecot LMTP for efficient mail delivery from our MX
> servers (running postfix 2.8) to our storage servers (dovecot 2.0.17).
> However, the one problem we see is the lack of access control when using
> LMTP. It appears that every client in our network who has access to the
> storage machines can drop a message in a Maildir of any user on that
> storage server.

Is it a real problem? Can't they just as easily drop messages to other users' maildirs simply by sending the mail via SMTP?

> To prevent this behaviour it would be nice to use
> libwrap, just as it can be used for POP3/IMAP protocols.
> This, however, seems to be impossible using the configuration as
> mentioned on the dovecot wiki:
>
> login_access_sockets = tcpwrap
>
> This seems to imply it only works for a login, and LMTP does not use
> that. The above works perfectly when trying to block access to IMAP or
> POP3 in /etc/hosts.deny, though a setting for LMTP is simply ignored.

Right. I'm not sure if I'd even want to add such a feature to LMTP. It doesn't really feel like it belongs there.

> Is there a configuration setting needed for this to work for LMTP, or is
> it simply not possible (yet) and does libwrap support for LMTP require
> a patch?

Not possible in Dovecot currently. You could use firewall rules.
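
The firewall approach suggested in the reply, as an added example that is not part of the original thread: an nftables ruleset for the storage server that accepts LMTP connections only from the MX hosts. The LMTP TCP port (24), the table and set names, and the MX addresses (taken from the 192.0.2.0/24 documentation range) are assumptions; use the port of your own LMTP inet_listener and your real MX IPs.

```nft
# Constructed example: restrict Dovecot LMTP to the MX relays only.
# Assumptions: LMTP listens on TCP port 24; the MX servers are
# 192.0.2.10 and 192.0.2.11 (placeholder documentation addresses).
table inet lmtp_filter {
    # Hosts allowed to hand mail to LMTP (the postfix MX servers).
    set mx_servers {
        type ipv4_addr
        elements = { 192.0.2.10, 192.0.2.11 }
    }

    chain input {
        # "policy accept" leaves all non-LMTP traffic to the other chains;
        # this chain only makes a decision about the LMTP port.
        type filter hook input priority 0; policy accept;

        # LMTP from a listed MX server is allowed.
        tcp dport 24 ip saddr @mx_servers accept

        # Any other source (including all IPv6 sources, since the set
        # holds IPv4 addresses only) is logged and dropped.
        tcp dport 24 log prefix "lmtp-denied: " drop
    }
}
```

Load the file with `nft -f`. The `lmtp-denied:` log prefix gives you a record of internal hosts that try to reach LMTP directly.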