[Dovecot] replication howto

Timo Sirainen tss at iki.fi
Thu Mar 15 23:05:54 EET 2012


On 15.3.2012, at 22.48, Michael Grimm wrote:

> On 15.03.2012, at 18:57, Matteo Cazzador wrote:
> 
>> Hi, yes it'a good idea but i'm using now root i hope this not
>> invalid all
> 
> Actually it's a bad idea to use root for ssh from a security point 
> of view. A hacked root account isn't fun. Thus, normally one needs 
> to explicitly change the config of the sshd daemon to allow root 
> logins (at least with FreeBSD what I'm using). Thus, I do recommend 
> to use an unprivileged user like vmail.

Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails. And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.



More information about the dovecot mailing list