"Marc" == Marc Marc@f1-outsourcing.eu writes:
So just to be clear, each user has a login on your mail server in /etc/passwd? If so, I would strongly urge you to move to using only virtual users on your mail infrastructure.
Marc> Why? Just disallow login, and that is from the perspective that Marc> a mail user should be limited mail resources.
If the user does NOT need to login to the dovecot/mail servers, then not having these users at all is more secure.
Marc> I argue exactly the opposite. Keep as much as possible linux Marc> users. As linux has been engineered for allowing multiple user Marc> accounts, and most other virtual user providers that are used Marc> here, have not.
I'm having a hard time to parse what you are saying here.
I'm saying that if the mail/dovecot server is only providing mail services, then putting all the users (across multiple domains even) into a virtual user database is more secure and more scalable.
General users don't need accounts on the mail server, and security in depth argues that keeping them off the server entirely is a good thing.
John