On Sun, 31 Mar 2024 12:55:09 +0200 da-dovecotlist-15--- via dovecot <dovecot@dovecot.org> wrote:
I was surprised to find that the LMTP socket has permission mode 0666 by default and since configs are merged with defaults, there is no way to disable this AFAICS.
# doveconf -d
...
service lmtp {
  unix_listener lmtp {
    group =
    mode = 0666
    user =
  }
  ...
}
Is this also how it is supposed to be used in production? I understand that LMTP is just for delivering new mails, but is there really no need to restrict this further? To me it seems reasonable to force all services on this machine to go through Postfix and not be able to just put e-mails in the users' mailboxes via LMTP. Am I missing something?
You are supposed to change that to a setting suitable for your setup.
# Change lmtp socket to safe mode for postfix
service lmtp {
  unix_listener lmtp {
    mode = 0220
    user = postfix
    group = postfix
  }
}
For example like this.
-- 
Tuomo Soini <tis@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
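An added example, not part of the thread or of Dovecot's own tooling: a small parser for doveconf-style output that reports every unix_listener whose mode lets any local user connect, which generalizes the check from the lmtp socket discussed above to all listeners in the dump. The sample text is constructed from the two snippets in the thread, and the second listener path is a hypothetical placeholder.

```python
import re

# Constructed sample in doveconf output format: the default listener from the
# question, plus a restricted one like the reply's (its path is hypothetical).
SAMPLE = """\
service lmtp {
  unix_listener lmtp {
    group =
    mode = 0666
    user =
  }
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0220
    user = postfix
  }
}
"""

OPEN = re.compile(r"^(\w+)(?:\s+(\S+))?\s*\{$")   # e.g. "service lmtp {"
SETTING = re.compile(r"^(\w+)\s*=\s*(.*)$")        # e.g. "mode = 0666"

def audit_unix_listeners(text):
    """Return (service, listener, mode, user, group) for each unix_listener
    whose mode has the 'other' write bit set; on Linux, connect() to a
    pathname socket needs write permission on the socket file."""
    stack, findings = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop config comments
        opened, setting = OPEN.match(line), SETTING.match(line)
        if opened:
            stack.append((opened.group(1), opened.group(2) or "", {}))
        elif setting and stack:
            stack[-1][2][setting.group(1)] = setting.group(2).strip()
        elif line == "}" and stack:
            kind, name, values = stack.pop()
            if kind != "unix_listener" or "mode" not in values:
                continue                           # not a socket, or no mode to judge
            if int(values["mode"], 8) & 0o002:     # world-writable => world-connectable
                service = stack[-1][1] if stack else ""
                findings.append((service, name, values["mode"],
                                 values.get("user", ""), values.get("group", "")))
    return findings

if __name__ == "__main__":
    for service, name, mode, user, group in audit_unix_listeners(SAMPLE):
        print(f"service {service}: unix_listener {name} mode={mode} "
              f"user={user or '(unset)'} group={group or '(unset)'}")
```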