Hi,
White, Daniel E. (GSFC-770.0)[NICS] <daniel.e.white at nasa.gov> (Fri 14 May 2021 14:37:15 CEST):
> I am struggling to update a very old set of mail servers.
> Some are supposed to be relays (MTAs by my understanding) while others are
> where the mailboxes live (MDA)

It depends on how your MTA hands over the messages to the Mail Storage
Agent (MSA).
If both are on the same machine, in the same file system, there are
multiple methods:
- direct file system access: The MTA knows about the internal
  structure of the MSA and writes directly to the (mostly
  Maildir) mailboxes. This is considered bad practice.
- local delivery agent: `dovecot-deliver` reads the message from standard
  input and - as part of the MSA - it knows about the internal structure
  and hides it from the MTA. This is good practice, but it may impose
  permission issues.
- LMTP: The MTA uses a variant of the SMTP protocol to push the message
  to the MSA, dovecot can listen on a Unix-Domain socket, as well as on
  an INET socket, and serve as an LMTP server. This is IMHO the best
  option, as it allows the best privilege separation, and additionally
  it allows an easy migration from having both (MTA, MSA) on the same
  machine to separate machines.
If you have both (MTA, MSA) on distinct machines, then only LMTP is your
option. I'm pretty sure that Postfix can use LMTP over INET style network
connections. Depending on how much you trust your network, you should
consider using TLS for this connection.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
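
The two LMTP layouts described in the message above, as an added configuration sketch that is not part of the original post. It assumes Postfix as the MTA and Dovecot 2.3-style syntax; the host name, IP address and file paths are placeholders.

```conf
# ---- Case 1: MTA and mail store on the same machine (Unix-domain socket) ----

# dovecot: conf.d/10-master.conf
# The socket lives inside the Postfix queue directory and is usable only by
# the postfix user, so the MTA needs no access to the mailbox files.
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}

# dovecot: dovecot.conf
protocols = imap lmtp

# postfix: main.cf (path is relative to the Postfix queue directory)
virtual_transport = lmtp:unix:private/dovecot-lmtp

# ---- Case 2: MTA and mail store on separate machines (INET socket + TLS) ----

# dovecot on the mail store: conf.d/10-master.conf
# Bind to the internal address only (placeholder); also restrict the port
# to the relay hosts with a host firewall.
service lmtp {
  inet_listener lmtp {
    address = 192.0.2.10
    port = 24
  }
}

# dovecot on the mail store: conf.d/10-ssl.conf (placeholder paths)
ssl_cert = </etc/dovecot/tls/mailstore.example.com.crt
ssl_key = </etc/dovecot/tls/mailstore.example.com.key

# postfix on the relay: main.cf
# "verify" makes the LMTP client refuse delivery unless STARTTLS succeeds
# and the certificate matches the host name and chains to the given CA.
virtual_transport = lmtp:inet:mailstore.example.com:24
lmtp_tls_security_level = verify
lmtp_tls_CAfile = /etc/postfix/tls/internal-ca.pem
```

Only the `virtual_transport` line changes on the Postfix side when moving from the first layout to the second, which is the migration path the message refers to. Use `mailbox_transport` instead if the recipients are local system users rather than virtual mailboxes.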