I am wondering if it's possible to have a tcp listener for LMTP do authentication and not accept any unauthenticated mail.
My configuration looks like the following:
service lmtp {
  inet_listener lmtp {
    address = 192.168.0.1 127.0.0.1
    port = 24
  }
}
This gives me a network reachable lmtp socket, but of course no authentication. When reading the docs, it seems though that only userdb lookup and no actual authentication is supported?
Is that understanding correct?
cheers, Andreas
On 12-9-2018 at 11:13, Andreas Thienemann wrote:
> I am wondering if it's possible to have a tcp listener for LMTP do authentication and not accept any unauthenticated mail.
> My configuration looks like the following:
> service lmtp {
>   inet_listener lmtp {
>     address = 192.168.0.1 127.0.0.1
>     port = 24
>   }
> }
> This gives me a network reachable lmtp socket, but of course no authentication. When reading the docs, it seems though that only userdb lookup and no actual authentication is supported?
> Is that understanding correct?
LMTP currently does not support AUTH.
What is your use case? Most people hide LMTP behind a firewall, or don't expose it through TCP/IP in the first place.
Regards,
Stephan.
Hi Stephan,
On Wed, 12 Sep 2018, Stephan Bosch wrote:
> LMTP currently does not support AUTH.
Bummer. Thought so.
> What is your use case? Most people hide LMTP behind a firewall, or don't expose it through TCP/IP in the first place.
The port is currently only available to a few trusted machines, but having auth available would have been a nice benefit in case the firewall gets misconfigured. Cyrus for example will expose the LMTP port via TCP if configured, but expects valid user credentials.
The larger use-case is a migration from cyrus to dovecot. As it's not just the MDA but also the MTA installation that is being migrated I need a way to deliver mail from the old MTA to the new MDA. LMTP comes in handy. https://github.com/ixs/lmtp_proxy/blob/master/README.md#minmal-downtime-migr... has a rough invocation of the steps needed for that.
As I said, LMTP auth isn't critical for this, but would have been a nice addition.
cheers, Andreas
On 12.09.18 at 13:41, Andreas Thienemann wrote:
> Hi Stephan,
> On Wed, 12 Sep 2018, Stephan Bosch wrote:
>> LMTP currently does not support AUTH.
> Bummer. Thought so.
>> What is your use case? Most people hide LMTP behind a firewall, or don't expose it through TCP/IP in the first place.
> The port is currently only available to a few trusted machines, but having auth available would have been a nice benefit in case the firewall gets misconfigured. Cyrus for example will expose the LMTP port via TCP if configured, but expects valid user credentials.
> The larger use-case is a migration from cyrus to dovecot. As it's not just the MDA but also the MTA installation that is being migrated I need a way to deliver mail from the old MTA to the new MDA. LMTP comes in handy. https://github.com/ixs/lmtp_proxy/blob/master/README.md#minmal-downtime-migr... has a rough invocation of the steps needed for that.
> As I said, LMTP auth isn't critical for this, but would have been a nice addition.
Hello,
I had a similar question some weeks ago: https://dovecot.org/pipermail/dovecot/2018-August/112518.html But I tried to use tcpwrap support (which is unfortunately not available for LMTP).
My use case is docker containers: an MTA container delivers to a dovecot container via LMTP over IP. In case of any misconfiguration I would like to at least limit who could connect to the LMTP server.
I'm just using a unix socket for now...
Andreas
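
Both posters above worry about a misconfigured firewall exposing the unauthenticated LMTP listener. The following check is an added example, not code from the thread or from Dovecot: run from a host that should not be allowed to connect, it reports whether the port answers and whether the server advertises AUTH in its LHLO reply. The sample replies, host names and result strings are constructed for illustration.

```python
import socket

# Constructed sample LHLO replies (not captured from a real server).
SAMPLE_NO_AUTH = "250-mail.example.test\n250-8BITMIME\n250-ENHANCEDSTATUSCODES\n250 PIPELINING"
SAMPLE_WITH_AUTH = "250-mail.example.test\n250-AUTH PLAIN LOGIN\n250 PIPELINING"

def lhlo_extensions(reply):
    """Return the extension keywords of a multi-line 250 LHLO reply."""
    exts = set()
    lines = [l for l in reply.splitlines() if l.strip()]
    for line in lines[1:]:  # the first 250 line only names the server
        words = line[4:].split()
        if line.startswith("250") and words:
            exts.add(words[0].upper())
    return exts

def assess(banner, lhlo_reply):
    """Classify what a client outside the trusted set would see on the port."""
    if not banner.startswith("220"):
        return "not-lmtp"
    if "AUTH" in lhlo_extensions(lhlo_reply):
        return "reachable-auth-offered"
    return "reachable-no-auth"  # anyone who can connect can submit mail

def read_reply(f):
    """Read one reply: 'NNN-text' lines continue, 'NNN text' ends it."""
    out = []
    while True:
        line = f.readline().decode("ascii", "replace")
        if not line:
            break
        out.append(line.rstrip("\r\n"))
        if len(line) < 4 or line[3] != "-":
            break
    return "\n".join(out)

def probe(host, port=24, timeout=3.0):
    """Connect as a plain client, send LHLO and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            f = s.makefile("rwb")
            banner = read_reply(f)
            f.write(b"LHLO exposure-check.invalid\r\n")
            f.flush()
            return assess(banner, read_reply(f))
    except OSError:
        return "unreachable"  # refused, filtered or timed out
```

Call `probe()` against your own server from a machine outside the trusted set; any result other than `unreachable` means the packet filter is not protecting the listener.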
participants (4)
- A. Schulze
- Andreas Thienemann
- Andreas Thienemann
- Stephan Bosch