John Allen wrote:
As far as I recall, IMAP servers generally don't allow access to root.
According to the Dovecot wiki, this is hard-coded in the binary: http://wiki.dovecot.org/MainConfig see under "first_valid_uid"
If the root user is receiving emails, these need to be redirected to another user so they can be read via IMAP.
I guess the source needs a patch.
Why would dovecot choose to play nursemaid to people who want to read root email remotely via IMAPS?
I can log in via SSH, so why not allow it with secure IMAP? I suppose really, if someone wants to run as root with no password dovecot should be **configurable** to allow this -- as we can't always understand the needs of end users.
Example. You have a system on which root uid=0 means nothing (assigns no privs -- all assigned via privilege/capability bits).
This means dovecot is hardcoded to lock out a user that may have no privileges, but has no prob permitting access to those with full Capability/priv sets.
That is NOT remotely a secure design -- not that it "allows login to those w/caps", but that it bogusly tries to invalidate site-security policies that it doesn't like.
Samba has done this and actually disparages people who don't use conventional security policies as 'insecure', when those same people can point out a multitude of ways that samba, in the ways that the samba team _recommends_, can easily be accidentally or surreptitiously configured insecurely. When it is asked why alternate security policies are insecure -- they change the subject and agree grudgingly to re-allow 'banned' commands under options like "allow insecure XXXX"...
Trying to 'play nursemaid' to users is a bad security policy -- since as soon as you say (like the samba team leader said), "we had to make it impossible to configure samba insecurely", you are asking for trouble; cuz then users think they don't have to worry about how they config things, it will always be secure... and we know that is very untrue!