On Sun, 31 Mar 2024 12:55:09 +0200
da-dovecotlist-15--- via dovecot <dovecot@dovecot.org> wrote:
> I was surprised to find that the LMTP socket has permission mode 0666
> by default and since configs are merged with defaults, there is no
> way to disable this AFAICS.
>
> # doveconf -d
> ...
> service lmtp {
> unix_listener lmtp {
> group =
> mode = 0666
> user =
> }
> ...
> }
>
> Is this also how it is supposed to be used in production? I
> understand that LMTP is just for delivering new mails but is there
> really no need to restrict this further? To me it seems reasonable,
> to force all services on this machine to go through Postfix and not
> be able to just put e-mails in the users mailboxes via LMTP. Am I
> missing something?
You are supposed to change that to a setting suitable for your setup.
# Change lmtp socket to safe mode for postfix
service lmtp {
unix_listener lmtp {
mode = 0220
user = postfix
group = postfix
}
}
For example like this.
--
Tuomo Soini <t...@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
