Dovecot wiki LMTP description

Reindl Harald h.reindl at thelounge.net
Fri Nov 14 14:23:43 UTC 2014 

Am 14.11.2014 um 15:15 schrieb Ron Leach:
> List, we are planning a new configuration to which we'll migrate an
> existing installation shortly.  We are hoping to use Dovecot LMTP and
> have a query about the wiki entry for LMTP
>
> http://wiki2.dovecot.org/LMTP
>
> where it suggests this config:
>
> service lmtp {
>    inet_listener lmtp {
>      address = 192.168.0.24 127.0.0.1 ::1
>      port = 24
>    }
>
> Does this example mean that LMTP will only listen for input messages
> from the interface with IP address 192.168.0.24 (plus localhost)?  If
> so, I probably haven't understood how LMTP is intended to work.  Is
> there a reason why we want to limit LMTP to listening for messages from
> a specific IP on the network?

no - it *listens* on that IP's

the "address" exists for all other services too
a server likely has more than one interface / IP

you don't need to have lmtpd listen on any IP in most cases or better 
said in most cases 127.0.0.1 is just enough because the MTA is running 
on the same machine

if it comes to security you have two choices:

* reject a port from anything but localhost
* just have the service not listening so it don't
   need to be protected which is they way to go

on a machine with more than one NIC (public interface and LAN) you have 
hardly a reason lmtpd listening on the WAN interface but on the to the 
LAN connected one where 1, 2, 20 MTA's deliver their messages
________________________________________________________

other practical example:

* dovecot is acting as proxy
* on the same machine dbmail is listening on 127.0.0.1:143
   and 127.0.0.1:110 - so both can use the standard port

service imap-login {
   inet_listener imap {
     address                    = 192.168.196.2
     port                       = 143
   }

service pop3-login {
   inet_listener imap {
     address                    = 192.168.196.2
     port                       = 110
   }

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20141114/4ae913bf/attachment-0001.sig>

More information about the dovecot mailing list