Hi, i've a simple question, what do you mean for dovecot director setup? 'i've a doubt. The solution that i'm testing is using 3 mail server in different geoghrapic locations. An user can travel in varius location, and i want his imap mail reside on mail server in every locations. Sò i use you solution about replication. First server (by dns record) that receive mail sync it on the other servers, and when user consult is mail by imap protocol everything is sync on all servers. Do you suggest to use a horizontal structure for it like i explain or is better to have a single node external mail server and customer locations server like slave? Thank's
Il 19 marzo 2012 09:35, Michael Grimm trashcan@odo.in-berlin.de ha scritto:
Hi --
On 15.03.2012 22:05, Timo Sirainen wrote:
On 15.3.2012, at 22.48, Michael Grimm wrote:
Actually it's a bad idea to use root for ssh from a security point of view. A hacked root account isn't fun. Thus, normally one needs to explicitly change the config of the sshd daemon to allow root logins (at least with FreeBSD what I'm using). Thus, I do recommend to use an unprivileged user like vmail.
Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails.
Root has access to everyone's mail as well.
And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.
All those safety measures can be applied for the vmail user as well. Actually, that's what I did in my case, plus allowing ssh only between both mail servers (firewall rule).
Regards, Michael
-- Rispetta l'ambiente: se non ti è necessario, non stampare questa mail.
Ing. Matteo Cazzador Email: mcazzador@gmail.com