I am wondering if it's possible to have a tcp listener for LMTP do authentication and not accept any unauthenticated mail.

My configuration looks like the following:

service lmtp {
  inet_listener lmtp {
    address = 192.168.0.1 127.0.0.1
    port = 24
  }
}

This gives me a network reachable lmtp socket, but of course no authentication. When reading the docs, it seems though that only userdb lookup and no actual authentication is supported?

Is that understanding correct?

cheers,
 Andreas

On 12-9-2018 at 11:13, Andreas Thienemann wrote:
> I am wondering if it's possible to have a tcp listener for LMTP do
> authentication and not accept any unauthenticated mail.
>
> My configuration looks like the following:
>
> service lmtp {
>   inet_listener lmtp {
>     address = 192.168.0.1 127.0.0.1
>     port = 24
>   }
> }
>
> This gives me a network reachable lmtp socket, but of course no
> authentication. When reading the docs, it seems though that only userdb
> lookup and no actual authentication is supported?
>
> Is that understanding correct?

LMTP currently does not support AUTH.

What is your use case? Most people hide LMTP behind a firewall, or don't expose it through TCP/IP in the first place.

Regards,

Stephan.

Hi Stephan,

On Wed, 12 Sep 2018, Stephan Bosch wrote:
> LMTP currently does not support AUTH.

Bummer. Thought so.

> What is your use case? Most people hide LMTP behind a firewall, or don't
> expose it through TCP/IP in the first place.

The port is currently only available to a few trusted machines, but having auth available would have been a nice benefit in case the firewall gets misconfigured. Cyrus for example will expose the LMTP port via TCP if configured, but expects valid user credentials.

The larger use-case is a migration from cyrus to dovecot. As it's not just the MDA but also the MTA installation that is being migrated I need a way to deliver mail from the old MTA to the new MDA. LMTP comes in handy.

https://github.com/ixs/lmtp_proxy/blob/master/README.md#minmal-downtime-migration-of-users has a rough invocation of the steps needed for that.

As I said, LMTP auth isn't critical for this, but would have been a nice addition.

cheers,
 Andreas
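
Since LMTP has no AUTH and the thread relies on a firewall to protect the TCP listener, a configuration audit can report which LMTP listeners are bound beyond loopback. The following is an added example, not part of the thread and not Dovecot project code; it assumes input in the block syntax of dovecot.conf (as printed by `doveconf -n`), treats a listener without an `address` as bound to all interfaces, and its function names are hypothetical.

```python
import ipaddress

# Constructed sample: the listener from the thread, in Dovecot's config syntax.
SAMPLE_CONF = """\
service lmtp {
  inet_listener lmtp {
    address = 192.168.0.1 127.0.0.1
    port = 24
  }
}
"""

def lmtp_inet_listeners(conf_text):
    """Return [(name, [addresses], port)] for inet_listener blocks under service lmtp."""
    stack, found, current = [], [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if line.endswith("{"):
            stack.append(tuple(line[:-1].split()))
            if len(stack) == 2 and stack[0] == ("service", "lmtp") and stack[1][:1] == ("inet_listener",):
                current = {"name": " ".join(stack[1][1:]), "address": [], "port": None}
        elif line == "}" and stack:
            closed = stack.pop()
            if current is not None and closed[:1] == ("inet_listener",) and len(stack) == 1:
                found.append((current["name"], current["address"], current["port"]))
                current = None
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "address":
                current["address"] = value.replace(",", " ").split()
            elif key == "port":
                current["port"] = int(value)
    return found

def exposed_addresses(addresses):
    """Return the non-loopback addresses; an empty list counts as all interfaces (assumption)."""
    exposed = []
    for addr in addresses or ["*"]:
        try:
            if not ipaddress.ip_address(addr.strip("[]")).is_loopback:
                exposed.append(addr)
        except ValueError:
            exposed.append(addr)  # "*" or a hostname that cannot be judged offline
    return exposed

def audit(conf_text):
    """Return [(listener, port, exposed_addresses)] for LMTP listeners reachable off-host."""
    return [(n, p, exposed_addresses(a)) for n, a, p in lmtp_inet_listeners(conf_text) if exposed_addresses(a)]
```

For the configuration in the thread, `audit(SAMPLE_CONF)` reports 192.168.0.1 on port 24 as the address that depends entirely on the firewall rule.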