On Sun, 31 Mar 2024 12:55:09 +0200
da-dovecotlist-15--- via dovecot <dovecot@dovecot.org> wrote:

> I was surprised to find that the LMTP socket has permission mode 0666
> by default and since configs are merged with defaults, there is no
> way to disable this AFAICS.
> 
> # doveconf -d
> ...
> service lmtp {
>    unix_listener lmtp {
>      group =
>      mode = 0666
>      user =
>    }
> ...
> }
> 
> Is this also how it is supposed to be used in production? I
> understand that LMTP is just for delivering new mails but is there
> really no need to restrict this further? To me it seems reasonable
> to force all services on this machine to go through Postfix and not
> be able to just put e-mails in the users' mailboxes via LMTP. Am I
> missing something?

You are supposed to change that to a setting suitable for your setup.

# Change lmtp socket to safe mode for postfix
service lmtp {
  unix_listener lmtp {
    mode = 0220
    user = postfix
    group = postfix
  }
}

For example like this.

-- 
Tuomo Soini <t...@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
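
An added example, not part of either message above and not Dovecot's own code: a small Python check that parses `doveconf`-style output and reports every listener whose mode leaves a permission bit set for "other", as the default 0666 quoted above does. The function names and the sample text are constructed for illustration, and the parser only covers the block and `key = value` syntax seen in this thread.

```python
# Constructed sample: the default listener quoted above, then the reply's override.
SAMPLE = """\
service lmtp {
  unix_listener lmtp {
    group =
    mode = 0666
    user =
  }
}
service lmtp {
  unix_listener lmtp {
    mode = 0220
    user = postfix
    group = postfix
  }
}
"""

def listeners(text):
    """Yield (service, listener, settings) for every *_listener block."""
    stack, settings = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.endswith("{"):
            stack.append(line[:-1].split())
            if stack[-1] and stack[-1][0].endswith("_listener"):
                settings = {}
        elif line == "}" and stack:
            block = stack.pop()
            if settings is not None and block and block[0].endswith("_listener"):
                service = stack[-1][-1] if stack and stack[-1] else "?"
                yield service, " ".join(block), settings
                settings = None
        elif "=" in line and settings is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = value

def world_accessible(text):
    """Return listeners whose mode grants any permission bit to 'other'."""
    findings = []
    for service, listener, s in listeners(text):
        if not s.get("mode"):                    # e.g. inet_listener: no mode
            continue
        if int(s["mode"], 8) & 0o007:
            findings.append((service, listener, s["mode"], s.get("user", ""), s.get("group", "")))
    return findings

if __name__ == "__main__":
    for finding in world_accessible(SAMPLE):
        print("world-accessible:", finding)
```

To audit a real host, pass the text printed by `doveconf -n` or `doveconf -d` to `world_accessible()` instead of `SAMPLE`.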