On Sun, 31 Mar 2024 12:55:09 +0200 da-dovecotlist-15--- via dovecot <dovecot@dovecot.org> wrote:
> I was surprised to find that the LMTP socket has permission mode 0666 > by default and since configs are merged with defaults, there is no > way to disable this AFAICS. > > # doveconf -d > ... > service lmtp { > unix_listener lmtp { > group = > mode = 0666 > user = > } > ... > } > > Is this also how it is supposed to be used in production? I > understand that LMTP is just for delivering new mails but is there > really no need to restrict this further? To me it seems reasonable, > to force all services on this machine to go through Postfix and not > be able to just put e-mails in the users mailboxes via LMTP. Am I > missing something? You are supposed to change that to a setting suitable for your setup. # Change lmtp socket to safe mode for postfix service lmtp { unix_listener lmtp { mode = 0220 user = postfix group = postfix } } For example like this. -- Tuomo Soini <t...@foobar.fi> Foobar Linux services +358 40 5240030 Foobar Oy <https://foobar.fi/> _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org