On 31 Jul 2019, at 20.45, A. Schulze via dovecot <dovecot@dovecot.org> wrote:
>
>
>
> Am 31.07.19 um 08:27 schrieb Sami Ketola via dovecot:
>> service lmtp {
>> user = vmail
>> }
>>
>> please remove user = vmail from here or change it to root.
>>
>> for security reasons lmtp service must be started as root since version
>> 2.2.36. lmtp will drop root privileges after initialisation but it needs to
>> open /self/proc/io as root before that.
>
> Hello Sami,
>
> I don't read "root is required for lmtp" in
> https://wiki.dovecot.org/LMTP#Security neither does
> https://dovecot.org/doc/NEWS-2.2 say so.
> Could you proof that statement somehow?
Alternative is:
service lmtp {
user = vmail
drop_priv_before_exec = yes
}
I'm not sure if you run into other problems with that.
