On Mon, Mar 31, 2025 at 04:23:37PM -0700, Herb Weiner via Postfix-users wrote:

> service lmtp {
>   inet_listener lmtp {
>     address = *
>     port = 24
>     }
> 
>   unix_listener /var/spool/postfix/private/lmtp {
>     group = postfix
>     mode = 0660
>     user = postfix
>     }
> }

There's your mistake!  You MUST NOT put the LMTP server listener
socket in the Postfix "private" directory, at least NOT under
that name.  This collides with the listener socket of the
Postfix "lmtp" delivery agent!

Given you're exposing the service on port 24 on external addresses,
there's no reason to go out of your way to protect the Dovecot LMTP
server socket by making it 0600, and hiding it in
/var/spool/postfix/private.

Instead:

    - Avoid chroot in the master.cf entry of the "lmtp unix" delivery agent.
    - Put the socket in /var/run/dovecot/ or similar, where the
      "postfix" user will be able to access it.
    - If only Postfix needs LMTP access, don't enable the Dovecot LMTP "inet"
      service.

-- 
    Viktor.
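
The three points in the reply above can be checked mechanically. The following is an added example, not part of the original message and not Postfix or Dovecot code: the function names are hypothetical, a Dovecot base_dir of /var/run/dovecot is assumed, a "-" in the master.cf chroot column is treated as not chrooted, and the configuration samples are constructed.

```python
import re

QUEUE_DIR = "/var/spool/postfix"    # queue directory, from the path quoted on the page
DOVECOT_BASE = "/var/run/dovecot"   # assumed Dovecot base_dir for relative listener names

def postfix_sockets(master_cf, queue_dir=QUEUE_DIR):
    """Map socket path -> (service name, chroot column) for 'unix' services."""
    socks = {}
    for line in master_cf.splitlines():
        if not line.strip() or line[0] in "# \t":  # blank, comment, continuation
            continue
        f = line.split()
        if len(f) >= 8 and f[1] == "unix":
            subdir = "public" if f[2] == "n" else "private"  # '-' means private
            socks[f"{queue_dir}/{subdir}/{f[0]}"] = (f[0], f[4])
    return socks

def audit(master_cf, dovecot_lmtp_block, queue_dir=QUEUE_DIR, base_dir=DOVECOT_BASE):
    """Check a Dovecot 'service lmtp' block against master.cf; return findings."""
    findings = []
    socks = postfix_sockets(master_cf, queue_dir)
    # Only an explicit 'y' counts as chrooted here (assumption, see lead-in).
    agent_chroot = socks.get(f"{queue_dir}/private/lmtp", ("lmtp", "n"))[1]
    for name in re.findall(r"unix_listener\s+(\S+)\s*\{", dovecot_lmtp_block):
        path = name if name.startswith("/") else f"{base_dir}/{name}"
        if path in socks:
            findings.append(f"COLLISION: {path} belongs to Postfix service '{socks[path][0]}'")
        elif agent_chroot == "y" and not path.startswith(queue_dir + "/"):
            findings.append(f"CHROOT: chrooted lmtp delivery agent cannot reach {path}")
    if re.search(r"inet_listener\s+\S+\s*\{", dovecot_lmtp_block):
        findings.append("INET: LMTP inet listener enabled; drop it if only Postfix delivers")
    return findings

# Constructed samples: a master.cf template and two Dovecot 'service lmtp' variants.
MASTER_CF = "smtp inet n - n - - smtpd\nlmtp unix - - {chroot} - - lmtp\n"
AS_POSTED = """service lmtp {
  inet_listener lmtp {
    port = 24
  }
  unix_listener /var/spool/postfix/private/lmtp {
    mode = 0660
  }
}"""
AS_ADVISED = """service lmtp {
  unix_listener lmtp {
    user = postfix
    group = postfix
    mode = 0660
  }
}"""

if __name__ == "__main__":
    for label, conf in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        print(label, audit(MASTER_CF.format(chroot="n"), conf) or "ok")
```
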