I am struggling to update a very old set of mail servers. Some are supposed to be relays (MTAs by my understanding) while others are where the mailboxes live (MDA).
In rebuilding the MDA servers, is postfix required on the same server or can dovecot connect to postfix on a separate MTA server? The old MDAs have both installed, but the config files are a mess.
On Fri, May 14, 2021 at 12:37:15 +0000, White, Daniel E. (GSFC-770.0)[NICS] wrote:
> I am struggling to update a very old set of mail servers. Some are supposed to be relays (MTAs by my understanding) while others are where the mailboxes live (MDA)
>
> In rebuilding the MDA servers, is postfix required on the same server or can dovecot connect to postfix on a separate MTA server ? The old MDAs have both installed, but the config files are a mess.
They can live on different servers. I have two - one with postfix and mailman, and a second one with dovecot. Postfix delivers mail to dovecot via lmtp.
Jeff.
Many thanks, Jeff. Online documentation is not clear. Everything implies both are necessary.
-----Original Message----- From: Josef 'Jeff' Sipek <jeff.sipek@open-xchange.com> Date: Friday, May 14, 2021 at 08:40 To: Daniel White <daniel.e.white@nasa.gov> Cc: "dovecot@dovecot.org" <dovecot@dovecot.org> Subject: [EXTERNAL] Re: Separating Dovecot and Postfix
Hi,
White, Daniel E. (GSFC-770.0)[NICS] <daniel.e.white@nasa.gov> (Fri 14 May 2021 14:37:15 CEST):
> I am struggling to update a very old set of mail servers. Some are supposed to be relays (MTAs by my understanding) while others are where the mailboxes live (MDA)
It depends on how your MTA hands over the messages to the Mail Storage Agent (MSA).
If both are on the same machine, in the same file system, there are multiple methods:
- direct file system access: The MTA knows about the internal structure of the MSA and writes directly to the (mostly Maildir) mailboxes. This is considered bad practice.
- local delivery agent: `dovecot-deliver` reads the message from standard input and - as part of the MSA - it knows about the internal structure and hides it from the MTA. This is good practice, but it may impose permission issues.
- LMTP: The MTA uses a variant of the SMTP protocol to push the message to the MSA, dovecot can listen on a Unix-Domain socket, as well as on an INET socket, and serve as an LMTP server. This is IMHO the best option, as it allows the best privilege separation, and additionally it allows an easy migration from having both (MTA, MSA) on the same machine to separate machines.
If you have both (MTA, MSA) on distinct machines, then only LMTP is your option. I'm pretty sure that Postfix can use LMTP over INET style network connections. Depending on how much you trust your network, you should consider using TLS for this connection.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
-- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE -
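An added example, not part of any post in this thread: one way to configure the split described above, with Postfix on the relay handing mail to Dovecot on the mailbox host via LMTP over TCP, and TLS enforced from the Postfix side. Host names, addresses and file paths are placeholders; the Dovecot part uses 2.3-style settings and assumes the Dovecot build offers STARTTLS on its LMTP listener.

```conf
# ---------------------------------------------------------------
# Mailbox host (Dovecot, 2.3-style syntax), e.g. conf.d/10-master.conf
# ---------------------------------------------------------------
protocols = imap lmtp

# Bind LMTP to the internal interface only, not to every address.
# 192.0.2.20 is a constructed address for the mailbox host.
service lmtp {
  inet_listener lmtp {
    address = 192.0.2.20
    port = 24
  }
}

# Certificate the relay will verify (placeholder paths).
# Assumption: with these set, the LMTP listener advertises STARTTLS;
# confirm that STARTTLS appears in the LHLO response before relying on it.
ssl = yes
ssl_cert = </etc/dovecot/tls/mailstore.example.com.crt
ssl_key = </etc/dovecot/tls/mailstore.example.com.key

# ---------------------------------------------------------------
# Relay host (Postfix), main.cf
# Note: main.cf has no inline comments, and a line that starts with
# whitespace continues the previous line.
# ---------------------------------------------------------------
# Deliver hosted (virtual) domains to Dovecot over LMTP/TCP.
# Assumption: the domains are listed in virtual_mailbox_domains;
# for local(8) recipients set mailbox_transport instead.
virtual_transport = lmtp:inet:mailstore.example.com:24

# Weak setting: "may" falls back to cleartext when STARTTLS is missing.
#lmtp_tls_security_level = may

# Hardened setting: require TLS and a certificate that chains to the CA
# below and matches the next-hop host name. If either check fails the
# message stays in the queue instead of being sent in the clear.
lmtp_tls_security_level = verify
lmtp_tls_CAfile = /etc/postfix/tls/internal-ca.pem
lmtp_tls_loglevel = 1
```

LMTP itself does not authenticate the sending MTA, so the listener's port should also be limited to the relay's address in the mailbox host's firewall.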
Vielen Dank. (Google Translate)
LMTP seems the way to go.
-----Original Message----- From: dovecot <dovecot-bounces@dovecot.org> on behalf of Heiko Schlittermann <hs@schlittermann.de> Organization: schlittermann -- internet & unix support Date: Friday, May 14, 2021 at 11:08 To: <dovecot@dovecot.org> Subject: [EXTERNAL] Re: Separating Dovecot and Postfix
participants (3)
- Heiko Schlittermann
- Josef 'Jeff' Sipek
- White, Daniel E. (GSFC-770.0)[NICS]