On 14.11.2014 at 15:15, Ron Leach wrote:
List, we are planning a new configuration to which we'll migrate an existing installation shortly. We are hoping to use Dovecot LMTP and have a query about the wiki entry for LMTP
where it suggests this config:
service lmtp {
  inet_listener lmtp {
    address = 192.168.0.24 127.0.0.1 ::1
    port = 24
  }
}
Does this example mean that LMTP will only listen for input messages from the interface with IP address 192.168.0.24 (plus localhost)? If so, I probably haven't understood how LMTP is intended to work. Is there a reason why we want to limit LMTP to listening for messages from a specific IP on the network?
no - it *listens* on those IPs
the "address" exists for all other services too; a server likely has more than one interface / IP
you don't need to have lmtpd listen on any IP in most cases, or better said, in most cases 127.0.0.1 is just enough because the MTA is running on the same machine
when it comes to security you have two choices:
- reject a port from anything but localhost
- just have the service not listening so it doesn't need to be protected, which is the way to go
on a machine with more than one NIC (public interface and LAN) you hardly have a reason for lmtpd to listen on the WAN interface, but rather on the one connected to the LAN where 1, 2, 20 MTAs deliver their messages
other practical example:
- dovecot is acting as proxy
- on the same machine dbmail is listening on 127.0.0.1:143 and 127.0.0.1:110 - so both can use the standard port
service imap-login {
  inet_listener imap {
    address = 192.168.196.2
    port = 143
  }
}
service pop3-login {
  inet_listener pop3 {
    address = 192.168.196.2
    port = 110
  }
}
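Added example, not part of the thread: a small audit that checks which addresses the LMTP/IMAP/POP3 listeners are actually bound to, following the reply's advice that the fix is to not listen on the WAN side at all. It reads `ss -Hltn` style output (a constructed sample is embedded so it runs offline); the port list and the LAN prefix are assumptions you adjust for your host.

```sh
#!/bin/sh
# Constructed sample of `ss -Hltn` output (State Recv-Q Send-Q Local Peer),
# not captured from a real machine.
SAMPLE_SS='LISTEN 0 100 127.0.0.1:24 0.0.0.0:*
LISTEN 0 100 192.168.0.24:24 0.0.0.0:*
LISTEN 0 100 0.0.0.0:143 0.0.0.0:*
LISTEN 0 100 192.168.196.2:110 0.0.0.0:*
LISTEN 0 100 [::1]:24 [::]:*
LISTEN 0 100 [::]:993 [::]:*'

# audit_listeners PORTS LAN_PREFIX  (reads ss output on stdin)
# PORTS is comma separated (e.g. 24,143,110); LAN_PREFIX is the start of
# the addresses you consider internal (e.g. 192.168.). Prints one line per
# listener on PORTS that is bound to neither loopback nor the LAN prefix
# (wildcard binds such as 0.0.0.0 or :: included) and returns 1 if any exist.
audit_listeners() {
  awk -v ports="$1" -v lan="$2" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      addr = $4
      port = addr; sub(/.*:/, "", port)          # text after the last colon
      host = addr; sub(/:[0-9]+$/, "", host)      # strip ":port"
      sub(/^\[/, "", host); sub(/\]$/, "", host)  # strip IPv6 brackets
      if (!(port in want)) next
      if (host == "127.0.0.1" || host == "::1") next
      if (lan != "" && index(host, lan) == 1) next
      bad++
      printf "exposed: %s (port %s)\n", host, port
    }
    END { exit (bad > 0) }'
}

# Example run on the constructed sample: only the IMAP listener on 0.0.0.0:143
# is reported; the lmtp binds on loopback and 192.168.0.24 are accepted.
if printf '%s\n' "$SAMPLE_SS" | audit_listeners 24,143,110 192.168.; then
  echo "all mail listeners are on loopback or the LAN"
else
  echo "review the listeners above (set address = in dovecot.conf)"
fi
```

On a live host replace the sample with `ss -Hltn | audit_listeners 24,143,110 192.168.` and compare against `doveconf -n | grep -A3 inet_listener`.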