[Dovecot] Securing mailboxes and passwords

Scott Silva ssilva at sgvwater.com
Wed Feb 25 18:08:28 EET 2009


on 2-24-2009 4:36 PM Daniel Aleksandersen spake the following:
> Sendt: Tue, 24 Feb 2009 19:11:43 -0500
> Fra: Timo Sirainent
>> On Wed, 2009-02-25 at 00:38 +0100, Daniel Aleksandersen wrote:
>>> Sendt: Wed, 25 Feb 2009 00:29:17 +0100
>>> Fra: Pascal Volk
>>>> On 25.02.2009 00:25 Daniel Aleksandersen wrote:
>>>>> The recepie assumes I have a group called secmail. I don’t. Am I supposed to create
>>>>> a special group for this purpose?
>>>> Yes, if the group does not exists, you have to create it. You could call
>>>> it whatever you want.
>>> I created the group and set the permissions to deliver as described in the recepie. I
>>> then added just about every user to that group.
>> No, don't do that. The point of it was to make deliver executable only
>> by your MTA, no one else. If other people were able to execute it, they
>> could gain root privileges.
> 
> I started added other users just to troubleshoot the problems I have been havnig.
> It did not work anyways, so I have removed other users from theat group.
> 
> The permissions still must be 777 or dovecot starts throwing permission errors.
> 
> I have tried a variety of other permissions including 677, 767, 776. All fail but 777.
A working virtual mail system doesn't need to be accessed by all the users. It
just needs to be accessible by dovecot, and whatever deliver system you are
using. I think you have config issues, or implementation issues, and not
permission issues.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://dovecot.org/pipermail/dovecot/attachments/20090225/4b44634f/attachment.bin 


More information about the dovecot mailing list