1 Aug
2019
1 Aug
'19
3:36 p.m.
On 31 Jul 2019, at 20.45, A. Schulze via dovecot dovecot@dovecot.org wrote:
Am 31.07.19 um 08:27 schrieb Sami Ketola via dovecot:
service lmtp { user = vmail }
please remove user = vmail from here or change it to root.
for security reasons lmtp service must be started as root since version 2.2.36. lmtp will drop root privileges after initialisation but it needs to open /self/proc/io as root before that.
Hello Sami,
I don't read "root is required for lmtp" in https://wiki.dovecot.org/LMTP#Security neither does https://dovecot.org/doc/NEWS-2.2 say so. Could you proof that statement somehow?
Alternative is:
service lmtp { user = vmail drop_priv_before_exec = yes }
I'm not sure if you run into other problems with that.