On 09/05/2023 12:26 EEST Marc <marc@f1-outsourcing.eu> wrote:
Imho are these just arguments for people not being able to set up an environment correctly.
I do not intend to start a flame on this topic, it is just my opinion.
But writing it down like this is still educating people (incorrectly).
It's not about the correct environment (you can google for it and you will find a pretty good setup even when you are a newbie) but about the potential vulnerabilities related to each component of the system: if the system has fewer components the probability to have issues is smaller.
Yes but this is reasoning backwards, and even then, it is not complete because you have multiple layers of security. E.g. only dovecot is public facing and can have an exploit that would be limited to just by os uid environment. If you are proficient with selinux you could even enhance the os rules for access.
Also you can have cases when you really want to have system users (like using the same server as samba server or so) and in this case the opposite approach is better.
It is not about sharing, it is about how many people are looking and reporting authentication/authorisation issues and specialize in this area. You should choose the tool made for its purpose. When having a nail you choose a hammer. Obviously you can also use a hammer on a screw.
Your argumentation though is not really solid. Forcing your system to be aware of all the users that are valid for mail delivery is not necessarily a good idea. E.g. it will sometimes make shared folder configuration unnecessarily difficult. It will also make your system aware of all the possible mail users.
If you are doing multi-domain hosting, it becomes even more difficult, now your system needs to be aware of users from multiple different domains with potentially overlapping usernames.
In the end you get no practical gains from going through OS authentication for just storing & accessing emails, but you sure get lots of complications.
The system simply does not need to be aware of these users.
Aki