[Dovecot] LDA vs. LMTP
Joseph Tam
jtam.home at gmail.com
Fri Aug 2 12:43:04 EEST 2013
(Weird: this message digest got dumped into Google's spam folder. Maybe
it didn't like the string in a later post (obfuscated here) master(dot)cf,
which in the context of this mailing list is a postfix configuration
file, but which Gmail interprets as a website. However, that domain
is a SURBL/DBL blacklisted URI).
Ben Morrow writes:
> > > And when it's running as root there is always the danger
> > > of privilege escalation. LDA only runs when it's needed and since it
> > > uses only user rights it should be more harmless.
> >
> > ...
> > (I'm assuming LMTP stays as root, and not spawning off user
> > processes to do the real work.)
>
> It doesn't stay as root; Dovecot's LMTP switches down to the user's uid
> to perform delivery, including sieve scripts.
I stand corrected. This removes the other objection that the original
poster had for running a persistent LMTP process.
Joseph Tam <jtam.home at gmail.com>