From 2233e683cbe3f68795dd150ecda69a49743df28f Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Wed, 11 Oct 2023 20:08:41 -0700
Subject: [PATCH] Apparently lmtp needs root to start...

---
 dovecot.nix | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/dovecot.nix b/dovecot.nix
index f486293..e145908 100644
--- a/dovecot.nix
+++ b/dovecot.nix
@@ -409,10 +409,15 @@ in {
               port = ${toString cfg.ports.lmtp}
             }
 
-            # Drop privs, since all mail is owned by one user
-            user = ${cfg.mail-user}
+            ## Drop privs, since all mail is owned by one user
+            # user = ${cfg.mail-user}
             # group = ${cfg.mail-group}
-            # user = root
+            ### Necessary bceause:
+            ## - for security reasons lmtp service must be started as root since
+            ##   version 2.2.36. lmtp will drop root privileges after initialisation but it needs
+            ##   to open /self/proc/io as root before that."
+            ## See: https://dovecot.org/list/dovecot/2019-July/116674.html
+            user = root
           }
 
           passdb {