Hi,
White, Daniel E. (GSFC-770.0)[NICS] daniel.e.white@nasa.gov (Fri 14 May 2021 14:37:15 CEST):
> I am struggling to update a very old set of mail servers. Some are supposed to be relays (MTAs by my understanding) while others are where the mailboxes live (MDA)
It depends on how your MTA hands over the messages to the Mail Storage Agent (MSA).
If both are on the same machine, in the same file system, there are multiple methods:
direct file system access: The MTA knows about the internal structure of the MSA and writes directly to the (mostly Maildir) mailboxes. This is considered bad practice.
local delivery agent: dovecot-deliver reads the message from standard input and, as part of the MSA, it knows about the internal structure and hides it from the MTA. This is good practice, but it may impose permission issues.
LMTP: The MTA uses a variant of the SMTP protocol to push the message to the MSA. Dovecot can listen on a Unix-domain socket as well as on an INET socket and serve as an LMTP server. This is IMHO the best option, as it allows the best privilege separation, and additionally it allows an easy migration from having both (MTA, MSA) on the same machine to separate machines.
If you have both (MTA, MSA) on distinct machines, then LMTP is your only option. I'm pretty sure that Postfix can use LMTP over INET-style network connections. Depending on how much you trust your network, you should consider using TLS for this connection.
Best regards from Dresden/Germany
Best regards from Dresden
Heiko Schlittermann
-- 
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
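As an added illustration (written for this page; it is not part of Heiko's reply, nor taken from the Postfix or Dovecot documentation), this is what the LMTP hand-over recommended above looks like in configuration: first Postfix and Dovecot on one host talking over a Unix-domain socket, then the relay and the mail store on separate hosts talking LMTP over TCP with TLS. The host name mailstore.example.org, the address 192.0.2.10, the certificate and CA file paths, and the Postfix queue directory /var/spool/postfix are assumptions chosen for the example; adjust them to your site.

```conf
# ---- Case 1: MTA and mail store on the same machine (Unix-domain socket) ----

# Postfix: /etc/postfix/main.cf (example)
# Hand local and virtual mailbox deliveries to Dovecot's LMTP socket instead of
# writing Maildir directly or piping into dovecot-deliver/dovecot-lda.
# "private/dovecot-lmtp" is relative to queue_directory (assumed /var/spool/postfix),
# so Dovecot must create the socket inside Postfix's queue directory.
mailbox_transport = lmtp:unix:private/dovecot-lmtp
virtual_transport = lmtp:unix:private/dovecot-lmtp

# Dovecot: /etc/dovecot/conf.d/20-lmtp.conf (example)
protocols = $protocols lmtp

service lmtp {
  # Only the postfix user can connect. Dovecot keeps its own privileges and
  # its knowledge of the mailbox layout; Postfix never touches the Maildirs.
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}

# ---- Case 2: MTA and mail store on different machines (LMTP over TCP + TLS) ----

# Postfix main.cf on the relay (mailstore.example.org is an assumed name)
virtual_transport = lmtp:inet:mailstore.example.org:24
# "secure" refuses delivery unless the session is TLS-protected AND the server
# certificate chains to the named CA and matches the nexthop host name.
# "encrypt" alone would still accept any certificate (no authentication of the peer).
lmtp_tls_security_level = secure
lmtp_tls_CAfile = /etc/ssl/certs/internal-ca.pem   # assumed path to the internal CA

# Dovecot on the mail store (assumes a Dovecot release whose LMTP offers STARTTLS, 2.3+)
service lmtp {
  inet_listener lmtp {
    address = 192.0.2.10   # assumed internal address; do not bind to a public interface
    port = 24
  }
}
ssl = required
ssl_cert = </etc/dovecot/certs/mailstore.pem       # assumed paths
ssl_key  = </etc/dovecot/private/mailstore.key
```

In case 1 the only thing the MTA needs is write access to the socket, which is why the socket's mode and owner are the whole permission story, in contrast to dovecot-deliver, where the MTA's delivery process has to run with enough rights to reach the mailboxes. In case 2, also restrict TCP port 24 on the mail store to the relay's address with a host firewall, since LMTP servers normally perform no sender or recipient policy checks of their own and trust whatever reaches them.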