13 Sep
2023
13 Sep
'23
9:51 a.m.
On 2023-09-08, Robert Senger wrote:
I am running roundcube and dovecot on the same machine. To avoid the described scenario, I have:
- Enabled and configured selinux on that machine,
yes selinux is a must have
- Enabled mail-crypt plugin with user keys in dovecot.
This should make it hard for an attacker to get access to the emails even with root access gained through a compromised web server.
mail-crypt is useful if attacker get access to the mails but not to the keys. If you store mails on the same system it's useless