[EXTERNAL] Re: Separating Dovecot and Postfix

White, Daniel E. (GSFC-770.0)[NICS] daniel.e.white at nasa.gov
Fri May 14 18:11:09 EEST 2021 

Vielen Dank. (Google Translate)

LMTP seems the way to go.

-----Original Message-----
From: dovecot <dovecot-bounces at dovecot.org> on behalf of Heiko Schlittermann <hs at schlittermann.de>
Organization: schlittermann -- internet & unix support
Date: Friday, May 14, 2021 at 11:08
To: <dovecot at dovecot.org>
Subject: [EXTERNAL] Re: Separating Dovecot and Postfix

    Hi,

    White, Daniel E. (GSFC-770.0)[NICS] <daniel.e.white at nasa.gov> (Fr 14 Mai 2021 14:37:15 CEST):
    > I am struggling to update a very old set of mail servers.
    > Some are supposed to be relays (MTAs by my understanding) while others are where the mailboxes live (MDA)

    It depends on how your MTA hands-over the messages to the Mail Storage
    Agend (MSA).

    If both are on the same machine, in the same file system, there are
    multiple methods:

    - direct file system access: The MTA knows about the internal
      structure of the MSA and writes directly to the (mostly
      Maildir) mailboxes. This is considered bad practice.

    - local delivery agent: `dovecot-deliver` read the message from standard
      input and - as part of the MSA - it knows about the internal structure
      and hides it from the MTA. This is good practice, but it may impose
      permission issues.

    - LMTP: The MTA uses a variant of the SMTP protocol to push the message
      to the MSA, dovecot can listen on a Unix-Domain socket, as well as on
      an INET socket, and serve as an LMTP server. This is IMHO the best
      option, as it allows the best privilege separation, and addtionally
      it allows an easy migration from having both (MTA, MSA) on the same
      machine to separate machines.

    If you have both (MTA, MSA) on distinct machines, then only LMTP is your
    option. I'm pretty sure that Postfix can use LMTP over INET style network
    connections. Depending on how you trust into your network, you should
    consider using TLS for this connection.

        Best regards from Dresden/Germany
        Viele Grüße aus Dresden
        Heiko Schlittermann
    --
     SCHLITTERMANN.de ---------------------------- internet & unix support -
     Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
     gnupg encrypted messages are welcome --------------- key ID: F69376CE -

More information about the dovecot mailing list