[Dovecot] LMTP ignoring tcpwrappers

Harm Weites harm at vevida.nl
Fri Jan 20 00:30:12 EET 2012


Hello,

we want to use dovecot LMTP for efficient mail delivery from our MX
servers (running postfix 2.8) to our storage servers (dovecot 2.0.17).
However, the one problem we see is the lack of access control when using
LMTP. It apears that every client in our network who has access to the
storage machines can drop a message in a Maildir of any user on that
storage server. To prevent this behaviour it would be nice to use
libwrap, just as it can be used for POP3/IMAP protocols.
This, however, seems to be impossible using the configuration as
mentioned on the dovecot wiki:

login_access_sockets = tcpwrap
service tcpwrap {
  unix_listener login/tcpwrap {
    group = $default_login_user
    mode = 0600
    user = $default_login_user
  }
}

This seems to imply it only works for a login, and LMTP does not use
that. The above works perfectly when trying to block access to IMAP or
POP3 in /etc/hosts.deny, though a setting for LMTP is simply ignored.

Is there a configuration setting needed for this to work for LMTP, or is
it simply not possible (yet) and does libwrap support for LMTP requires
a patch?

Any help is appreciated.

Regards,
Harm




More information about the dovecot mailing list