Dovecot wiki LMTP description
List, we are planning a new configuration to which we'll migrate an existing installation shortly. We are hoping to use Dovecot LMTP and have a query about the wiki entry for LMTP
where it suggests this config:
service lmtp {
  inet_listener lmtp {
    address = 192.168.0.24 127.0.0.1 ::1
    port = 24
  }
}
Does this example mean that LMTP will only listen for input messages from the interface with IP address 192.168.0.24 (plus localhost)? If so, I probably haven't understood how LMTP is intended to work. Is there a reason why we want to limit LMTP to listening for messages from a specific IP on the network? I need to understand that so that I replace ...24 with a suitable host interface that exists on our LAN (we don't have a host at 192.168.0.24).
Apologies for what must seem, to people using LMTP, a very basic question. Nevertheless, I would be grateful for any clarification.
regards, Ron
On 14.11.2014 at 15:15, Ron Leach wrote:
List, we are planning a new configuration to which we'll migrate an existing installation shortly. We are hoping to use Dovecot LMTP and have a query about the wiki entry for LMTP
where it suggests this config:
service lmtp {
  inet_listener lmtp {
    address = 192.168.0.24 127.0.0.1 ::1
    port = 24
  }
}
Does this example mean that LMTP will only listen for input messages from the interface with IP address 192.168.0.24 (plus localhost)? If so, I probably haven't understood how LMTP is intended to work. Is there a reason why we want to limit LMTP to listening for messages from a specific IP on the network?
no - it *listens* on those IPs
the "address" exists for all other services too; a server likely has more than one interface / IP
you don't need to have lmtpd listen on any IP in most cases, or better said, in most cases 127.0.0.1 is just enough because the MTA is running on the same machine
if it comes to security you have two choices:
- reject a port from anything but localhost
- just have the service not listening so it doesn't need to be protected, which is the way to go
on a machine with more than one NIC (public interface and LAN) you have hardly a reason for lmtpd to listen on the WAN interface, but rather on the LAN-connected one where 1, 2, 20 MTAs deliver their messages
other practical example:
- dovecot is acting as proxy
- on the same machine dbmail is listening on 127.0.0.1:143 and 127.0.0.1:110 - so both can use the standard port
service imap-login {
  inet_listener imap {
    address = 192.168.196.2
    port = 143
  }
}
service pop3-login {
  inet_listener pop3 {
    address = 192.168.196.2
    port = 110
  }
}
On 14/11/2014 14:23, Reindl Harald wrote:
On 14.11.2014 at 15:15, Ron Leach wrote:
service lmtp {
  inet_listener lmtp {
    address = 192.168.0.24 127.0.0.1 ::1
    port = 24
  }
}
Does this example mean that LMTP will only listen for input messages from the interface with IP address 192.168.0.24 (plus localhost)? If so, I probably haven't understood how LMTP is intended to work. Is there a reason why we want to limit LMTP to listening for messages from a specific IP on the network?
no - it *listens* on those IPs
the "address" exists for all other services too a server likely has more than one interface / IP
Got it. Thanks, Harald, and Fernando. I had wondered whether the ...24 was just the example machine for the LMTP host, but the wiki was silent on that so, rather than guess, I thought it best to check.
We will be running LMTP and Exim on the same machine so may leave the machine's external port 24 unserved.
Grateful, Ron
Hello Ron,
On 14/11/2014 15:15, Ron Leach wrote:
Does this example mean that LMTP will only listen for input messages from the interface with IP address 192.168.0.24 (plus localhost)? If so, I probably haven't understood how LMTP is intended to work. Is there a reason why we want to limit LMTP to listening for messages from a specific IP on the network? I need to understand that so that I replace ...24 with a suitable host interface that exists on our LAN (we don't have a host at 192.168.0.24).
No, it *listens* on those addresses (port 24). LMTP is intended for local mail transfer. The best way to use it, if dovecot LDA and MTA are on the same machine, is to use a unix socket like this (example for postfix):
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
if you prefer to use an inet listener, do it only for the needed addresses (not public / internet-facing ones) or reject unauthorized networks.
-FM
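Harald's and Fernando's advice above boils down to one check: no inet_listener should bind a wildcard or public address, only loopback or LAN ones. The script below is an added example, not from the thread or from Dovecot; its minimal brace parser and the sample config are constructed for illustration (assumes Python 3.8+).

```python
import ipaddress
# Constructed sample, not a real site's config: the wiki-style lmtp block
# plus a pop3 listener bound to every interface (Dovecot's "*").
SAMPLE_CONF = """
service lmtp {
  inet_listener lmtp {
    address = 192.168.0.24 127.0.0.1 ::1
    port = 24
  }
}
service pop3-login {
  inet_listener pop3 {
    address = *
    port = 110
  }
}
"""
WILDCARDS = {"*", "::", "0.0.0.0"}   # bind to every interface, WAN included

def parse_inet_listeners(text):
    """Return [(service, listener, [addresses])] for each inet_listener block."""
    result, stack = [], []           # stack entries: [block name, addresses]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append([line[:-1].strip(), []])
        elif line == "}":
            name, addrs = stack.pop()
            if name.startswith("inet_listener"):
                # no address given: Dovecot uses the global "listen" setting, default "*, ::"
                result.append((stack[-1][0], name, addrs or ["*", "::"]))
        else:
            key, _, value = line.partition("=")
            if key.strip() == "address":
                stack[-1][1].extend(value.replace(",", " ").split())
    return result

def exposed_addresses(addrs):
    """Addresses reachable from beyond loopback and private (RFC 1918 / ULA) space."""
    return [a for a in addrs
            if a in WILDCARDS or not ipaddress.ip_address(a).is_private]

def audit(text):
    """Map 'service/listener' -> exposed addresses; an empty dict means nothing is exposed."""
    return {f"{svc}/{lst}": bad
            for svc, lst, addrs in parse_inet_listeners(text)
            if (bad := exposed_addresses(addrs))}
```

Run it over the output of `doveconf -n` to see which services are reachable from outside the LAN; the fix for a flagged entry is the unix_listener or a LAN-only address as described above.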
participants (3): Fernando Maule, Reindl Harald, Ron Leach