8 Sep
2023
8 Sep
'23
11:27 a.m.
There is a generic issue with doing this. That is if you have roundcube (or any other web mail interface) on the same server as dovecot, a breach of the web interface could be quite serious and allow access to the complete mail store.
No this is crap. user/group is are preventing this. The only risk you have when roundcube is hacked is that any user logging after this hack, his mailbox can be accessed (grabbed userid/passwd). So users not even using this roundcube have no problem at all.