Re: [Dovecot] LDA vs. LMTP
On 7/29/2013 6:05 PM, Ben Morrow wrote: > At 4PM -0500 on 29/07/13 you (Stan Hoeppner) wrote: >> On 7/29/2013 2:30 AM, Jan Behrend wrote: >> >>> You cannot use the LDA method if SMTP and IMAP services reside on >>> different machines, which would be the case in larger scale mail system >>> setups. >> >> Which brings up an interesting point. With a single LMTP daemon on the >> Dovecot server communicating via a single socket with the upstream MTA >> over the wire, it would stand to reason that message throughput rate may >> be limited by serialization in the LMTP request/reply chain. There is >> no parallelism, and thus there is relatively high latency. You snipped the text where I stated this is a theoretical discussion, due to the high msg volume required to prove one over the other. That said, I'll gladly continue to postulate on the theoretical. > What makes you think an SMTP server delivering over LMTP only makes a > single connection to the LMTP server? I believe Postfix by default makes > a fresh connection for each delivery. No, Postfix by default uses connection caching w/both SMTP and LMTP: http://www.postfix.org/postconf.5.html#lmtp_cache_connection If the load is sufficiently high it will open additional connections, but it attempts to reuse existing connections as much as possible to eliminate additional connection setup delays, which can be considerable with SMTP servers. For instance some OPs insert 2 minute or longer greet delays as a (very crude) anti spam bot measure. Connection caching is an SMTP optimization, and not nearly as beneficial to LMTP. The Postfix SMTP/LMTP clients are literally the same code. -- Stan
Re: [Dovecot] Maildir permissions and Solr re-indexing
Michael Welsh Duggan writes: All the files in my Maildir are owned by md5i:mail (I am md5i), and have 660 permissions. All directories have the same user:group permissions, and 770 with the setguid bit set. (That last may not be necessary, but ... doveadm(md5i): Error: fchown(/home/md5i/Maildir/.mail.test/dovecot.index.log.newlock, group=8(mail)) failed: Operation not permitted (egid=1000(md5i), group based on /home/md5i/Maildir/.mail.test - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm) After this, each directory has a dovecot.index.log with md5i:md5i 600 permissions. I think the cause is clear enough: you (user=md5i/uid=1000) are not part of group mail (gid=8), so the dovecot user process doing things on your behalf cannot create index files that are anlogous to the mailbox it's indexing. You can either 1) add "md5i" to group mail 2) remove g+w permission on your mail files (making group membership irrelevant) 3) fiddle with "mail_privileged_group = mail", but I'm a little hazy on all the ramifications of this. I don't know your particular circumstances, so I don't know which is best. If (big if) nothing on your system (particularly the MTA) requires access to your mail spool files by running as group=mail, probably 2) is your best option. Joseph Tam
Re: [Dovecot] LDA vs. LMTP
At 4PM -0500 on 29/07/13 you (Stan Hoeppner) wrote: > On 7/29/2013 2:30 AM, Jan Behrend wrote: > > > You cannot use the LDA method if SMTP and IMAP services reside on > > different machines, which would be the case in larger scale mail system > > setups. > > Which brings up an interesting point. With a single LMTP daemon on the > Dovecot server communicating via a single socket with the upstream MTA > over the wire, it would stand to reason that message throughput rate may > be limited by serialization in the LMTP request/reply chain. There is > no parallelism, and thus there is relatively high latency. What makes you think an SMTP server delivering over LMTP only makes a single connection to the LMTP server? I believe Postfix by default makes a fresh connection for each delivery. Ben
Re: [Dovecot] LDA vs. LMTP
On 7/29/2013 2:30 AM, Jan Behrend wrote: > You cannot use the LDA method if SMTP and IMAP services reside on > different machines, which would be the case in larger scale mail system > setups. Which brings up an interesting point. With a single LMTP daemon on the Dovecot server communicating via a single socket with the upstream MTA over the wire, it would stand to reason that message throughput rate may be limited by serialization in the LMTP request/reply chain. There is no parallelism, and thus there is relatively high latency. In the case of LDA with an SMTP MTA on the local box, the potential exists for very high parallelism, and thus elimination of the latency in serial delivery over a single socket with LMTP. So in theory, while LDA in this scenario would consume far more resources with a very high message load, one should be able to attain much higher message throughput. I say in theory because I've not tested this head to head. -- Stan
Re: [Dovecot] LDA vs. LMTP
Joseph Tam wrote: > I don't know why you would consider a background process inferior to a > run-on-demand executable. Well, the background process is hogging CPU and RAM while it basically does nothing. And when it's running as root there is always the danger of privilege escalation. LDA only runs when it's needed and since it uses only user rights it shoudbe more harmless. bye Martin
[Dovecot] Problem switching from Dovecot LDA to LMTP - on dovecot 2.2.4
Dovecot LDA has been working fine for me but when I tried to follow the wiki and switch to LMTP I get: Recipient address rejected: User unknown in local recipient table; In postfix/main.cf I went from: mailbox_transport = dovecot-spam to mailbox_transport = lmtp:unix:private/dovecot-lmtp Added this: service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } protocol lmtp { mail_fsync = optimized postmaster_address = postmaster@domainname mail_plugins = sieve zlib } And some other pertinent parts of the config: passdb { args = /etc/dovecot/passdb driver = passwd-file } passdb { driver = pam } protocol lda { mail_fsync = optimized auth_socket_path = /var/run/dovecot/auth-master deliver_log_format = msgid=%m: %$ mail_plugin_dir = /usr/local/lib/dovecot mail_plugins = sieve zlib postmaster_address = postmaster quota_full_tempfail = yes rejection_reason = Your message to <%t> was automatically rejected:%n%r lda_mailbox_autocreate = yes }
Re: [Dovecot] Maildir permissions and Solr re-indexing
I should have mentioned: dovecot 2.1.7 from Debian unstable. Michael Welsh Duggan writes: > I am running a very small dovecot installation with only one user (me). > I use the Solr indexer for indexing. Due to complicated reasons, I was > forced to remove all the indexes and need to re-index everything. > > All the files in my Maildir are owned by md5i:mail (I am md5i), and have > 660 permissions. All directories have the same user:group permissions, > and 770 with the setguid bit set. (That last may not be necessary, but > I was trying several things to get my use case to work.) > > Unfortunately, I can't seem to get re-indexing to work. When I do > "doveadm fts rescan -A" as root, I get the following error for each of my > subgroups: > > doveadm(md5i): Error: > fchown(/home/md5i/Maildir/.mail.test/dovecot.index.log.newlock, > group=8(mail)) failed: Operation not permitted (egid=1000(md5i), group > based on /home/md5i/Maildir/.mail.test - see > http://wiki2.dovecot.org/Errors/ChgrpNoPerm) > > After this, each directory has a dovecot.index.log with md5i:md5i 600 > permissions. > > I've read the mentioned page, and played around with the ideas on it, > but haven't gotten things to work. Anyone have any clue to ship my way? -- Michael Welsh Duggan (m...@md5i.com)
Re: [Dovecot] zlib error when running doveadm
On 22.7.2013, at 18.01, Michael Long wrote: > Upgraded to dovecot 2.2.4 from 2.1.16 > > Error I see is: > > doveadm(root): Error: Module is for different ABI version 2.1.16 (we have > 2.2.ABIv3(2.2.4)): /usr/local/lib/dovecot/doveadm/lib10_doveadm_zlib_plugin.so > > How do I resolve this? Delete that file. v2.2 no longer has doveadm_zlib plugin, because it's built in (to lib-compression).
[Dovecot] Maildir permissions and Solr re-indexing
I am running a very small dovecot installation with only one user (me). I use the Solr indexer for indexing. Due to complicated reasons, I was forced to remove all the indexes and need to re-index everything. All the files in my Maildir are owned by md5i:mail (I am md5i), and have 660 permissions. All directories have the same user:group permissions, and 770 with the setguid bit set. (That last may not be necessary, but I was trying several things to get my use case to work.) Unfortunately, I can't seem to get re-indexing to work. When I do "doveadm fts rescan -A" as root, I get the following error for each of my subgroups: doveadm(md5i): Error: fchown(/home/md5i/Maildir/.mail.test/dovecot.index.log.newlock, group=8(mail)) failed: Operation not permitted (egid=1000(md5i), group based on /home/md5i/Maildir/.mail.test - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm) After this, each directory has a dovecot.index.log with md5i:md5i 600 permissions. I've read the mentioned page, and played around with the ideas on it, but haven't gotten things to work. Anyone have any clue to ship my way? -- Michael Welsh Duggan (m...@md5i.com)
Re: [Dovecot] Upgrading to dovecot2 broke IDLE on one mailer, but not another
On 07/29/2013 02:55 AM, Steffen Kaiser wrote: Then you'll see if Kaiten issues an IDLE at all and you could also cross check with other logs. Thanks! -- /==\ | John Stracke | http://www.thibault.org | HTML OK | | François Thibault|---| | East Kingdom | "Okay, one more time, with *vowels*." | | fran...@thibault.org | -- Ozy and Millie | \==/
Re: [Dovecot] Dovecot never release preallocated space in mdbox
On Mon, Jul 29, 2013 at 11:48:00AM +0200, Stéphane BERTHELOT wrote: > > mdbox_rotate_size = 128M > mdbox_rotate_interval = 1d > mdbox_preallocate_space = yes > On mailboxes patterns with low incoming mail (< 100kb / day) this > would waste much space. Of course I can decrease rotate size a lot > but it would then produce a lot of files and would certainly become > similar performance-wise to sdbox/maildir/... 128MB is quite a large rotate size if you care about disk space.. We use the default 2 MB, which still packs quite a lot of messages per file compared to maildir. Single maildir-files seems to be around 5-30KB (compressed), which should amount to 50-400 messages per m-file. I don't think that should be similar to maildir/sdbox performance-wise. -jf
Re: [Dovecot] SOLVED for me: how to setup different quota for multiple namespaces
Am 04.02.2013 12:08, schrieb Steffen Kaiser: > On Tue, 22 Jan 2013, Timo Sirainen wrote: > > Hey, it works (for me) now: > > namespace { > type = private > separator = . > prefix = archive. > location = mdbox:/home/%u/archive > #subscriptions = no > #list = children > } > > plugin { > quota = dict:User quota::ns=:proxy::quota > quota2 = dict:Archive quota:%u.archive:ns=archive.:proxy::quota > quota2_rule = *:storage=1048576 > } > > Note the %u.archive _and_ ns=archive. ! The "%u.archive" is used as > "username" in the SQL table and you require another name (primary key) > there for both namespaces, see below. Seems to work for any type of > namespace. > > @Timo: I will going to document this setup in the Wiki unless you say > the syntax is wrong and/or works because of a bug only. > > :-) > > == > > Old response with my debugging/findings for information only. > > > > all the name spaces use one entry in the quota dict table, hence, > it does not work. > >> On 17.1.2013, at 16.58, Andreas Oster wrote: > I just saw on important difference in the doc and this configuration: see http://wiki2.dovecot.org/Quota/Configuration#Quota_for_public_namespaces the ns=name syntax is for _public_ namespaces only. I just tested it with this setup and every message is counted for both namespaces, if delivered into INBOX or a mailbox of the Archive namespace. > >> It should work for all namespaces. > > plugin { > quota = dict:User quota::proxy::quota > quota2 = dict:Archive quota:ns=Archive.:proxy::quota > >> quota = dict:User quota::ns=:proxy::quota >> quota2 = dict:Archive quota::ns=Archive.:proxy::quota > >> That should work? Worked at least in latest v2.1 hg. > > I use these settings now: > > # 2.1.14 (ea7e45c1da72+): > /usr/local/dovecot-2.1.14/etc/dovecot/dovecot.conf > # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.6 > > [snip] > > dict { > quota = > pgsql:/usr/local/dovecot-2.1.14/etc/dovecot/dovecot-dict-sql.conf.ext > } > namespace { > location = mdbox:/home/%u/archive > prefix = archive. > separator = . > type = private > } > plugin { > quota = dict:User quota::ns=:proxy::quota > quota2 = dict:Archive quota::ns=archive.:proxy::quota > quota2_rule = *:storage=1048576 > quota_rule = *:storage=300MB > quota_rule2 = Trash:storage=+30M > } > > The problem is now, that there is one row in the quota dict SQL table, > that holds the quota of an user, e.g. doveadm quota recalc executes > these SQL statements: > > 2013-02-04 11:52:07 CET LOG: statement: BEGIN > 2013-02-04 11:52:07 CET LOG: statement: DELETE FROM quota WHERE > username = 'dvtest1' > 2013-02-04 11:52:07 CET LOG: statement: DELETE FROM quota WHERE > username = 'dvtest1' > 2013-02-04 11:52:07 CET LOG: statement: INSERT INTO quota > (bytes,username) VALUES ('2173894','dvtest1') > 2013-02-04 11:52:07 CET LOG: statement: INSERT INTO quota > (messages,username) VALUES ('89','dvtest1') > 2013-02-04 11:52:07 CET LOG: statement: COMMIT > 2013-02-04 11:52:07 CET LOG: statement: BEGIN > 2013-02-04 11:52:07 CET LOG: statement: DELETE FROM quota WHERE > username = 'dvtest1' > 2013-02-04 11:52:07 CET LOG: statement: DELETE FROM quota WHERE > username = 'dvtest1' > 2013-02-04 11:52:07 CET LOG: statement: INSERT INTO quota > (bytes,username) VALUES ('2582','dvtest1') > 2013-02-04 11:52:07 CET LOG: statement: INSERT INTO quota > (messages,username) VALUES ('2','dvtest1') > 2013-02-04 11:52:07 CET LOG: statement: COMMIT > > Deliveries to INBOX or a folder of "archive." yields: > > UPDATE quota SET bytes=bytes+1220,messages=messages+1 WHERE username = > 'dvtest1' > > This is true if I change the type of name spaces "archive" from "private" > into "shared" or "public". > > -- Steffen Kaiser > Hello Steffen, hello all I am still struggling to setup quota for multiple namespaces. In addition to the "INBOX" namespace I have created a namespaces called MailArchive which should have its own quota value of 5G per user. At first I configured quota2 like this: quota2 = maildir:MailArchive quota:ns=MailArchive/ quota2_rule = *:storage=5G and this seemd to work quite well. Users, accessing the MailArchive namespace can see the 5G limit in thair mail client, unfortunately in mail.err errors like these repeatedly appear: Jul 29 11:40:24 mailserver dovecot: imap(testuser): Error: quota: Unknown namespace: MailArchive/ Jul 29 11:41:43 dovecot: last message repeated 47 times In the WIKI I have read, that in order to have quota for different namespaces one would have to use different quota backends so I changed the quota config for the MailArchive namespace to SQL. namespace inbox { disabled = no hidden = no ignore_on_failure = no inbox = yes list = yes location = mailbox Drafts { auto = subscribe driver = special_use = \Drafts } mailbox Junk { auto = subscribe driver =
[Dovecot] Dovecot never release preallocated space in mdbox
Hello everyone, I am currently evaluating dovecot for our new email production servers (20k+ mailboxes) and found out something strange. I'm using those settings on Dovecot 2.2.4 (x86_64 / Slackware / compiled from sources) mdbox_rotate_size = 128M mdbox_rotate_interval = 1d mdbox_preallocate_space = yes with virtual users and location like : mail_location = mdbox:~/mdbox I don't think the remaining config is relevant but ask me if you need some other parts. Using test accounts for 2 weeks now I've figured that the 128M preallocated space is never 'hole punched" (to use a similar term than "man fallocate" on Linux), even when rotating m.* files. From what I understand those files will never be appended again because of the mdbox_rotate_interval. Then doveadm purge creates new files so old ones would never grow again. Here is an example of a mdbox storage using ls -ls (which shows allocated VS used space) total 4065176 1884 -rw--- 1 mail mail 1926656 Jul 29 10:55 dovecot.map.index 4 -rw--- 1 mail mail 460 Jul 29 11:26 dovecot.map.index.log 48 -rw--- 1 mail mail 44304 Jul 29 10:55 dovecot.map.index.log.2 131072 -rw--- 1 mail mail 133165066 Jul 19 15:31 m.10 131072 -rw--- 1 mail mail 133507393 Jul 19 15:32 m.13 131072 -rw--- 1 mail mail 134155182 Jul 19 15:33 m.14 131072 -rw--- 1 mail mail 134213403 Jul 19 15:30 m.2 131072 -rw--- 1 mail mail 46464 Jul 21 04:30 m.21 131072 -rw--- 1 mail mail 134215030 Jul 19 15:30 m.3 131072 -rw--- 1 mail mail 25852 Jul 25 01:54 m.32 131072 -rw--- 1 mail mail 2360 Jul 26 00:05 m.34 131072 -rw--- 1 mail mail169073 Jul 27 23:18 m.35 131072 -rw--- 1 mail mail 31624 Jul 27 01:55 m.36 131072 -rw--- 1 mail mail 134216982 Jul 28 04:30 m.37 131076 -rw--- 1 mail mail 134217804 Jul 28 04:30 m.38 131072 -rw--- 1 mail mail 134217341 Jul 28 04:30 m.39 131072 -rw--- 1 mail mail 134213719 Jul 19 15:30 m.4 131072 -rw--- 1 mail mail 29740970 Jul 28 04:30 m.40 131072 -rw--- 1 mail mail 129175917 Jul 28 04:30 m.41 131072 -rw--- 1 mail mail 133174937 Jul 28 04:30 m.42 131072 -rw--- 1 mail mail633436 Jul 28 04:30 m.43 131072 -rw--- 1 mail mail 3154623 Jul 28 04:30 m.44 131072 -rw--- 1 mail mail 3676879 Jul 28 04:30 m.45 131072 -rw--- 1 mail mail468158 Jul 28 04:30 m.46 131072 -rw--- 1 mail mail 26964 Jul 28 04:30 m.47 131072 -rw--- 1 mail mail 3574599 Jul 28 04:30 m.48 131072 -rw--- 1 mail mail 3789133 Jul 28 04:30 m.49 131072 -rw--- 1 mail mail 134215016 Jul 19 15:30 m.5 131072 -rw--- 1 mail mail 1280074 Jul 28 04:30 m.50 131076 -rw--- 1 mail mail635459 Jul 28 22:47 m.51 131072 -rw--- 1 mail mail 1459418 Jul 29 10:55 m.52 131072 -rw--- 1 mail mail 132941013 Jul 29 11:26 m.53 131072 -rw--- 1 mail mail 134213475 Jul 19 15:30 m.7 131072 -rw--- 1 mail mail 132240074 Jul 19 15:31 m.9 There's a lot of "lost" space since preallocated space would only be reclaimed when *all* emails in m.X file have refcount=0 and after a doveadm purge call, if I read well the dovecot docs. On mailboxes patterns with low incoming mail (< 100kb / day) this would waste much space. Of course I can decrease rotate size a lot but it would then produce a lot of files and would certainly become similar performance-wise to sdbox/maildir/... There would certainly be smart to use something similar to "FALLOC_FL_PUNCH_HOLE" on rotation (when doing close() ?) so that when we're sure there won't be anymore data appended to file that the allocated space == used space. I will disable space preallocation for our next tests since it wastes much storage for us ; did you have any feedback on how much it may affect performance ? I found in this ML archives some messages about the implementation but didn't see anyone clearly stating how much better preallocation is. Thanks, best regards, Stephane Berthelot.
Re: [Dovecot] Expunged message reappeared, giving a new UID
On Fri, 2013-07-26 at 20:26 +0200, Daniel Parthey wrote: > Hi Simon, > > Version 2.2.2 is not current any more. I would try to update to the > latest stable version 2.2.4 first, since some dsync bugs have been > fixed between 2.2.2 and 2.2.4: I've now upgraded to 2.2.4 (and pigeonhole 0.4.1 from 0.4.0 at the same time). I'm still experiencing the same problem, with both Maildir and mdbox format mailboxes. My test imap connection is to only one of the servers at a time - I can reproduce this using 'telnet server imap' and issuing "store +flags (\Deleted)" and expunge as well as deleting messages with a mail client. Thanks, Simon. -- The Wellcome Trust Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.
Re: [Dovecot] LDA vs. LMTP
On Mon, 2013-07-29 at 09:30 +0200, Jan Behrend wrote: > You cannot use the LDA method if SMTP and IMAP services reside on > different machines, which would be the case in larger scale mail system > setups. > Sorry, that is incorrect. Granted, it does mean putting dovecot on the SMTP servers as well, but you certainly do not need to allow pop3/imap access. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] convert to mdbox
On Tue, Jul 23, 2013 at 10:08:57AM +0300, Birta Levente wrote: > > How can I convert all virtual mailboxes from maildir to mdbox? > Manually, one by one, working, but I have a lot ... I've converted around 4-500.000 users from maildir to mdbox by the following on a server configured for using MDBOX as default: 1 - Search for all users with mailMessageStore attribute in LDAP 2 - Convert user to mdbox: dsync -v -u "$username" mirror maildir:"$maildir" + check returncode dsync -v -u "$username" mirror maildir:"$maildir" + check returncode 3 - Delete mailMessageStore attribute from LDAP and add "mailLocation: mdbox:~/mdbox" 4 - pkill -HUP -u dovecot -f dovecot/auth -- to make sure auth cache is updated 5 - doveadm kick "$username" -- on all servers, in case user was logged in.. 6 - Do final sync: dsync -v -u "$username" mirror maildir:"$maildir" 7 - Delete maildir. Only 26554 users left to convert.. -jf
Re: [Dovecot] LDA vs. LMTP
On 07/26/2013 05:45 PM, Martin Burgraf wrote: > Hi there, > > I'm using Dovecot together with Postfix; as I understand it, there are two > ways to transfer the mail from Postfix to Dovecot. > 1.) by using LDA with mailbox_command = /usr/libexec/dovecot/dovecot-lda -f > "$SENDER" -a "$RECIPIENT" > 2.) by using LMTP with mailbox_transport = lmtp:unix:private/dovecot-lmtp > > (currently using number 1) > I'm interessted in the differences and the advantages/disadvantages of each > of those solutions. You cannot use the LDA method if SMTP and IMAP services reside on different machines, which would be the case in larger scale mail system setups. My advice is to go with LMTP anyway! Cheers Jan -- MAX-PLANCK-INSTITUT fuer Radioastronomie Jan Behrend - Rechenzentrum Auf dem Huegel 69, D-53121 Bonn Tel: +49 (228) 525 359, Fax: +49 (228) 525 229 jbehr...@mpifr-bonn.mpg.de http://www.mpifr-bonn.mpg.de Die digitale Unterschrift dieser Mail kann durch das Zertifikat der DFN Global Hierarchie überprüft werden: https://ca.mpg.de/certs/root-DGP/deutsche-telekom-ca2-root-cert.der Weitere Informationen zur CA der MPG finden Sie unter: https://ca.mpg.de smime.p7s Description: S/MIME Cryptographic Signature
Re: [Dovecot] Passing data safely in password_key?
On 07/28/13 13:49, Attila Nagy wrote: Hi, I would like to convert my custom POP/IMAP proxy to Dovecot's. In this proxy I do more than giving back user name, password and the host and I need extra information. Luckily all of them are available as variables, but more than one comes as user input (like user name and cleartext password) and I'm not sure how to pass them safely. Obviously I would need a separator, which is guaranteed not to show up either in user name and the cleartext password. Should I use escape (%E) here, or is there a better way? Just for the record, this is what I use currently: password_key = dovecot/passdb^MAuth-User: %u^MAuth-Pass: %w^MAuth-Protocol: %s^M Client-IP: %r^M
Re: [Dovecot] LDA vs. LMTP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 26 Jul 2013, Martin Burgraf wrote: I'm using Dovecot together with Postfix; as I understand it, there are two ways to transfer the mail from Postfix to Dovecot. 1.) by using LDA with mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" 2.) by using LMTP with mailbox_transport = lmtp:unix:private/dovecot-lmtp (currently using number 1) I'm interessted in the differences and the advantages/disadvantages of each of those solutions. According to http://wiki2.dovecot.org/LDA the recommended way is to use LMTP, since it's supposed to have a better performance. On the other hand, http://wiki2.dovecot.org/LMTP says, that LMTP is a backgound process, while LDA is only called when needed. I've also read, that LDA only uses the users privileges, which both means, that LDA should be better. I've also noticed, that LMTP adds an additional Recieved:-Header to the mail. Are there any other differences? LMTP also adds "Delivered-To", unless I'm mistaken. There is one difference, that pops up on failure: The LDA has the exit code only to return success/failure back to the MTA. LMTP uses the same mechanisms as SMTP to return success / failure incl. descriptive information. There is another difference, if you need additional hacking: With the LDA-method you can put a wrapper script between MTA and MDA, in order to alter the message, recipient, just log something, ... . Actually that self-made wrapper script [and I really mean script in the sense of bash, perl, python, C, ruby, ...] can control the delivery fully. That would be more sophisticated to do with LMTP. - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUfYVuF3r2wJMiz2NAQLWwgf8CNZ+J9UmFco1dftatU95/MKN1T+70PuL w3+PpCbhCfJ3SHlnlTjRydaAYue4tL0Mu6lJ2ajm3n0SJSHukdxaWmPy6/P0dufV EQePTE3W0UD2j+zNYn57LCfF81No9c86A3Uz7DQcPhmsvCSZTo3PyEaPz0PkflTR BNQ14juGmJAQxSJDvudgCgzx7TnnGoqEx8EsKMTjSA0W3gCCng6N7MRCHuoCEZBJ AEfnwNgnw7bpeiPedI4l8gnvYEYK99Xa0ZmzjEYmbitzulTPRu8jPny7dfAHp5Bd xzEN3qWq/QZZ62wQgYSqYPT8mL8aRcwbS7ur9WbsBZHEmr0lLxnhlQ== =5twi -END PGP SIGNATURE-