红帽全球峰会1.6. Configuring an LMTP socket and LMTPS listener
SMTP servers, such as Postfix, use the Local Mail Transfer Protocol (LMTP) to deliver emails to Dovecot. If the SMTP server runs:
- On the same host as Dovecot, use an LMTP socket
On a different host, use an LMTP service
By default, the LMTP protocol is not encrypted. However, if you configured TLS encryption, Dovecot uses the same settings automatically for the LMTP service. SMTP servers can then connect to it by using the LMTPS protocol or the
STARTTLScommand over LMTP.
Prerequisites
- Dovecot is installed.
- If you want to configure an LMTP service, TLS encryption is configured in Dovecot.
Procedure
Verify that the LMTP protocol is enabled:
# doveconf -a | grep -E "^protocols" protocols = imap pop3 lmtpThe protocol is enabled, if the output contains
lmtp.If the
lmtpprotocol is disabled, edit the/etc/dovecot/dovecot.conffile, and appendlmtpto the values in theprotocolsparameter:protocols = ... lmtpDepending on whether you need an LMTP socket or service, make the following changes in the
service lmtpsection in the/etc/dovecot/conf.d/10-master.conffile:LMTP socket: By default, Dovecot automatically creates the
/var/run/dovecot/lmtpsocket.Optional: Customize the ownership and permissions:
service lmtp { ... unix_listener lmtp { mode = 0600 user = postfix group = postfix } ... }LMTP service: Add a
inet_listenersub-section:service lmtp { ... inet_listener lmtp { port = 24 } ... }
Configure
firewalldrules to allow only the SMTP server to access the LMTP port, for example:# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="192.0.2.1/32" port protocol="tcp" port="24" accept" # firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv6" source address="2001:db8:2::1/128" port protocol="tcp" port="24" accept" # firewall-cmd --reloadThe subnet masks
/32for the IPv4 and/128for the IPv6 address limit the access to the specified addresses.Reload Dovecot:
# systemctl reload dovecot
Verification
If you configured the LMTP socket, verify that Dovecot has created the socket and that the permissions are correct:
# ls -l /var/run/dovecot/lmtp srw-------. 1 postfix postfix 0 Nov 22 17:17 /var/run/dovecot/lmtpConfigure the SMTP server to submit emails to Dovecot using the LMTP socket or service.
When you use the LMTP service, ensure that the SMTP server uses the LMTPS protocol or sends the
STARTTLScommand to use an encrypted connection.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}