-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Am 28.10.2013 20:14, schrieb Douglas Mortensen:
Currently our dovecot servers are on our webhosting linux boxes. We are using the LAMP stack to host websites, and also doing email with postfix & dovecot on these systems. We provide this as a hosting setup for 100+ accounts/websites on a single server (a multi-tenant setup). Each customer has anywhere between 1-100 email accounts which Dovecot services.
If a customer has vulnerable PHP code on a website, some of these will allow a remote file upload. I have seen cases where they upload a PHP script that is a sort of web-based console/shell to the server (file-system, etc.). It provides several tools which all run through the uploaded PHP script to try to brute force and do other attacks. I've seen attempts at a root exploit. We've never had a root exploit and any such case of a customer's site being hacked has been easily contained by simple filesystem permissions being correct (and the fact that we have apache setup to run all scripts as the user who is the owner of the script files, which confines the script to that users' permissions). Still nobody loves the idea of bad guys trying to hack on your box.
So.... given that type of scenario, if filesystem permissions weren't correct, or some new exploit surfaced that allowed someone bypass or elevate to root, then they could theoretically have access to the entire fileystem including where emails are stored.
I hope to never have this sort of thing happen. We patch our systems regularly and have other security measures we follow to prevent this. We also are managing most of the PHP scripts customers use ourselves now and are updating those for the CMS' and other systems proactively.
However, it would be nice to know that even if we were breached, the emails on the server were encrypted and would be completely useless to an attacker.
This type of encryption is ideal and some regulations prefer (although don't require) it. - Doug Mortensen Network Consultant Impala Networks P: 505.327.7300
you shouldnt host mail/imap services on the same servers with massive http hosting, i dont see a real connection between php bugs etc and dovecot, it more a question of setup design you have choosen what makes thing more bad then they have to be
-----Original Message----- From: dovecot-bounces@dovecot.org [mailto:dovecot-bounces@dovecot.org] On Behalf Of Michael Orlitzky Sent: Monday, October 28, 2013 11:52 AM To: dovecot Subject: Re: [Dovecot] Encryption solution for messages at rest
On 10/28/2013 12:02 PM, Douglas Mortensen wrote:
Hi,
We have clients with various security & compliance requirements. Although not required, it would be ideal to have messages encrypted at rest.
You can rule out a lot of the crazier options by answering the questions,
(a) What attack scenario do you have in mind?
(b) How will encryption help?
Best Regards MfG Robert Schetterer
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJSb2mWAAoJEP8jBObu0LlEWkAH+gImez3F9cz1c5TcbgWTMdP6 onrp2Swd5gw6bKNkj2R6bzvtNPTNtrCUxVNU8c8YIIyeMK+fq3d6YxjB8p5nwrrR AqL82xo97CbjPluldrcUAZUzBSUMrIjXC4dKAQvpD/Nhl7QMmPmeCcvZ8B39urcs 4AT2vSDI5wvuMtpKzj2ohA5P9UAwDPmm6beihWn73IubCWeUcO47sJj4W0dnO2bv OZ2k6TwLfRbdkqH3wH0JEGqnYgrRxm9czkidH1C5JJM5MAosJoTn21dSbLZoqD8O pmdT7jqUfyZ1GkUDO2OqEHl1V04RQhlP0wxAKTh39ahvQrXZgPzTwhxw6T0cZoM= =zZYc -----END PGP SIGNATURE-----