Separating Dovecot and Postfix

Heiko Schlittermann hs at schlittermann.de
Fri May 14 18:07:06 EEST 2021 

Hi,

White, Daniel E. (GSFC-770.0)[NICS] <daniel.e.white at nasa.gov> (Fr 14 Mai 2021 14:37:15 CEST):
> I am struggling to update a very old set of mail servers.
> Some are supposed to be relays (MTAs by my understanding) while others are where the mailboxes live (MDA)

It depends on how your MTA hands-over the messages to the Mail Storage
Agend (MSA).

If both are on the same machine, in the same file system, there are
multiple methods:

- direct file system access: The MTA knows about the internal
  structure of the MSA and writes directly to the (mostly
  Maildir) mailboxes. This is considered bad practice.

- local delivery agent: `dovecot-deliver` read the message from standard
  input and - as part of the MSA - it knows about the internal structure
  and hides it from the MTA. This is good practice, but it may impose
  permission issues.

- LMTP: The MTA uses a variant of the SMTP protocol to push the message
  to the MSA, dovecot can listen on a Unix-Domain socket, as well as on
  an INET socket, and serve as an LMTP server. This is IMHO the best
  option, as it allows the best privilege separation, and addtionally
  it allows an easy migration from having both (MTA, MSA) on the same
  machine to separate machines.

If you have both (MTA, MSA) on distinct machines, then only LMTP is your
option. I'm pretty sure that Postfix can use LMTP over INET style network
connections. Depending on how you trust into your network, you should
consider using TLS for this connection.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot/attachments/20210514/67497e86/attachment.sig>

More information about the dovecot mailing list