[Dovecot] LMTP ignoring tcpwrappers

Timo Sirainen tss at iki.fi
Fri Jan 20 21:34:07 EET 2012


On 20.1.2012, at 0.30, Harm Weites wrote:

> we want to use dovecot LMTP for efficient mail delivery from our MX
> servers (running postfix 2.8) to our storage servers (dovecot 2.0.17).
> However, the one problem we see is the lack of access control when using
> LMTP. It appears that every client in our network who has access to the
> storage machines can drop a message in a Maildir of any user on that
> storage server.

Is it a real problem? Can't they just as easily drop messages to other users' maildirs simply by sending the mail via SMTP?

> To prevent this behaviour it would be nice to use
> libwrap, just as it can be used for POP3/IMAP protocols.
> This, however, seems to be impossible using the configuration as
> mentioned on the dovecot wiki:
> 
> login_access_sockets = tcpwrap
> 
> This seems to imply it only works for a login, and LMTP does not use
> that. The above works perfectly when trying to block access to IMAP or
> POP3 in /etc/hosts.deny, though a setting for LMTP is simply ignored.

Right. I'm not sure if I'd even want to add such a feature to LMTP. It doesn't really feel like it belongs there.

> Is there a configuration setting needed for this to work for LMTP, or is
> it simply not possible (yet) and does libwrap support for LMTP require
> a patch?

Not possible in Dovecot currently. You could use firewall rules.

