[CentOS] cyrus: socket options

Sat Mar 17 12:10:38 UTC 2018
hw <hw at gc-24.de>

On 03/16/2018 10:21 PM, Alexander Dalloz wrote:
> Am 16.03.2018 um 13:07 schrieb hw:
>> [...]
>>    # lmtp                cmd="lmtpd -a" listen="lmtp:" prefork=4
>>    lmtpunix      cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" 
>> prefork=4
>> [...]
> Both definitions are wrong:
> 1) the lmtp line
> man cyrus.conf
> listen=<no default>
> The UNIX or internet socket to listen on. This string field is required 
> and takes one of the following forms:
> path
> [ host : ] port
> So listen="lmtp:" is utterly nonsense. It would be 
> listen="" if you want to restrict access to localhost.

Right, that must have come from all the experimentation and gone unnoticed.

> 2) the lmtpunix line
> man lmtpd
> -a
>      Preauthorize connections initiated on an internet socket, instead 
> of requiring LMTP AUTH. This should only be used for connections coming 
> from trusted hosts.
> So no pre-auth on the unix socket.

I read it such that '-a' means I don´t need to worry about authorization.

Do you mean to say it should only be used when the socket is not a file? 
  If that is so, the manpage should say that, and it should say what the 
option does when the socket is a file.  Maybe it´s ignored for files, 
maybe it breaks stuff.  The manpage does not say that authorization is 
omitted when the socket is a file, so what does it actually say?

> And why do you define a prefork of 4?

Why not?  The server has 4 cores, and I haven´t read any suggestions yet 
about how many processes should be preforked.  I can imagine it might 
not make sense or not work at all when the socket is a file and that it 
might not make sense when the socket is not a file because there are no 
other hosts connecting.  IIRC exim can spawn processes to do deliveries, 
so it might yet make sense despite no other hosts connect.

> Alexander
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos