[Dovecot] replication howto
Hello, excuse me, but is there some documentation about replication now? I don't understand where I must put the lines below (dovecot.conf? 20-imap?). Excuse me, but it's not so clear to me because I'm a new Dovecot user. Another question: I use virtual users on a MySQL backend, so for replication do I need to give ssh access to every virtual user? Or can I use only a single system ssh user? Thanks
service aggregator {
  # give enough permissions for mail processes
  fifo_listener replication-notify-fifo {
    user = vmail
    mode = 0600
  }
  unix_listener replication-notify {
    user = vmail
    mode = 0600
  }
}

service replicator {
  # start replication at startup
  process_min_avail = 1
}

plugin {
  # host1 replicates to host2
  mail_replica = remote:vmail@host2.example.com
  # host2 replicates to host1
  #mail_replica = remote:vmail@host1.example.com
}
#dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}
service doveadm {
  # if you're using a single virtual user, set this to
  # start ssh as vmail (not root)
  user = vmail
}
-- Respect the environment: if you don't need to, don't print this mail.
Ing. Matteo Cazzador Email: mcazzador@gmail.com
Hi --
On 15.03.2012, at 17:42, Matteo Cazzador wrote:
Hello, excuse me, but is there some documentation about replication now?
Not that I'm aware of.
I don't understand where I must put the lines below (dovecot.conf? 20-imap?)
You can put them wherever you wish, as long as you include that part of your configuration. Myself, I'm still using a single dovecot.conf, only.
Another question: I use virtual users on a MySQL backend, so for replication do I need to give ssh access to every virtual user? Or can I use only a single system ssh user?
If I'm not mistaken, you can use a single ssh user, and you could use the vmail user for instance. That's what I do, and I'm using sqlite for userdb.
Here's my configuration:
If you choose to run ssh on a different port from the default one, you need:
## ssh command line used in dsync replication (ssh port added)
#
dsync_remote_cmd = ssh -p 1234 -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}
If not, you can start here:
## --- DSYNC REPLICATION ----------------------------------------
#
# aggregator, replicator, doveadm, and config needed, and
# dsync_remote_cmd if running ssh via non-default port
#
service aggregator {
  # give enough permissions for mail processes
  #
  fifo_listener replication-notify-fifo {
    user = vmail
    mode = 0600
  }
  unix_listener replication-notify {
    user = vmail
    mode = 0600
  }
}

service replicator {
  # start replication at startup
  #
  process_min_avail = 1
}

service doveadm {
  # if you're using a single virtual user, set this to start ssh as vmail
  # (not root)
  #
  user = vmail
}

service config {
  # needed to grant access to /var/run/dovecot/config for service doveadm
  #
  unix_listener config {
    user = vmail
  }
}
The following part is for server 1, only:
## --- PLUGINS ----------------------------------------
#
# dsync replication plugin
#
plugin {
  # this host replicates to remote host
  #
  mail_replica = remote:vmail@server2.domain

  # run full synchronization mode every other hour
  # (default is every 24 hours)
  #
  replication_full_sync_interval = 1 hours
}
The following part is for server 2, only:
## --- PLUGINS ----------------------------------------
#
# dsync replication plugin
#
plugin {
  # this host replicates to remote host
  #
  mail_replica = remote:vmail@server1.domain

  # run full synchronization mode every other hour
  # (default is every 24 hours)
  #
  replication_full_sync_interval = 1 hours
}
HTH, Michael
Hi, thanks a lot for your detailed answer.
About ssh (excuse my English), I think you correctly understood what "my problem" is with virtual users (I have no system users) and there are no ssh accounts. So I must use a dedicated account for replication (ssh) that must sync all virtual mail accounts. Thanks, I'll try your suggestion now!
On 15 March 2012 18:09, Michael Grimm <trashcan@odo.in-berlin.de> wrote:
Hi --
On 15.03.2012, at 18:16, Matteo Cazzador wrote:
with virtual users (I have no system users) and there are no ssh accounts. So I must use a dedicated account for replication (ssh) that must sync all virtual mail accounts.
Yes, that's what I use. I did create a dedicated account for vmail with all the necessary ssh stuff in ~vmail/.ssh
One remark I forgot to mention in my last mail:
service doveadm {
  # if you're using a single virtual user, set this to start ssh as vmail
  # (not root)
  #
  user = vmail
}

This part is only needed if you choose to run service doveadm as user vmail like I do.

service config {
  # needed to grant access to /var/run/dovecot/config for service doveadm
  #
  unix_listener config {
    user = vmail
  }
}
Regards, Michael
Hi, yes, it's a good idea, but I'm using root now; I hope this doesn't invalidate everything.
I obtain this error, but maybe I need some pause
Mar 15 18:55:28 Gentoo_cyrus_imap dovecot: dsync-local(matteo@netlite.locale): Error: remote: bash: doveadm: command not found
Mar 15 18:55:28 Gentoo_cyrus_imap dovecot: dsync-local(matteo@netlite.locale): Error: read() from worker server failed: EOF
Thanks a lot!
On 15 March 2012 18:28, Michael Grimm <trashcan@odo.in-berlin.de> wrote:
Hi --
On 15.03.2012, at 18:57, Matteo Cazzador wrote:
Hi, yes, it's a good idea, but I'm using root now; I hope this doesn't invalidate everything.
Actually it's a bad idea to use root for ssh from a security point of view. A hacked root account isn't fun. Thus, normally one needs to explicitly change the config of the sshd daemon to allow root logins (at least with FreeBSD what I'm using). Thus, I do recommend to use an unprivileged user like vmail.
I obtain this error, but maybe I need some pause
;-)
Mar 15 18:55:28 Gentoo_cyrus_imap dovecot: dsync-local(matteo@netlite.locale): Error: remote: bash: doveadm: command not found
root doesn't find doveadm at the remote server. As mentioned above, you'd better create an account for vmail and allow that user to find doveadm in its path.
Mar 15 18:55:28 Gentoo_cyrus_imap dovecot: dsync-local(matteo@netlite.locale): Error: read() from worker server failed: EOF
That's an error due to not finding doveadm at the remote site.
Regards, Michael
On 15.3.2012, at 22.48, Michael Grimm wrote:
On 15.03.2012, at 18:57, Matteo Cazzador wrote:
Hi, yes it'a good idea but i'm using now root i hope this not invalid all
Actually it's a bad idea to use root for ssh from a security point of view. A hacked root account isn't fun. Thus, normally one needs to explicitly change the config of the sshd daemon to allow root logins (at least with FreeBSD what I'm using). Thus, I do recommend to use an unprivileged user like vmail.
Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails. And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.
in ~privilegeduser/.ssh/authorized_keys:
from="<list of hosts key is valid for>",command="dsync.sh" <pubkey...>
On 03/15/2012 05:05 PM, Timo Sirainen wrote:
Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails. And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.
Plus the scripts that
- when calling ssh dsync first writes the username to stdout (before dsync starts communicating)
and
- dsync.sh on remote first reads the username from stdin, before execing dsync itself
Because it's not possible to give -u $username parameter in the authorized_keys cmd itself. That's the only changing parameter that is needed.
On 15.3.2012, at 23.49, David Ford wrote:
in ~privilegeduser/.ssh/authorized_keys:
from="<list of hosts key is valid for>",command="dsync.sh" <pubkey...>
On 03/15/2012 05:05 PM, Timo Sirainen wrote:
Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails. And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.
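A restricted wrapper of the kind Timo and David describe, as an added example that is not code from the thread or from Dovecot: the peer's forced command reads the username as the first line of stdin, validates it, and only then execs doveadm dsync-server for that one user. It assumes doveadm at /usr/local/bin/doveadm (the path Matteo ended up using) and the logger(1) utility; the authorized_keys line in the header comment uses placeholders.

```shell
#!/bin/sh
# dsync.sh: forced-command wrapper for the replication ssh key.
# Added example for this thread, not code from Dovecot or from any poster.
# Protocol (as Timo described): the calling side writes the username as the
# first line on the ssh channel; this wrapper reads that line, checks it,
# and only then hands the rest of the stream to doveadm dsync-server.
#
# Assumed matching authorized_keys entry (placeholders in angle brackets):
#   from="<peer host>",command="/usr/local/bin/dsync.sh",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding <public key>

# Assumed doveadm location: the absolute path Matteo ended up using.
DOVEADM=${DOVEADM:-/usr/local/bin/doveadm}

# validate_user: accept only one "local@domain" built from a conservative
# character set.  Rejects empty input, a leading '-' (so the value cannot be
# read as an option), shell metacharacters, spaces and path separators.
validate_user() {
    case "$1" in
        '' | -* | *[!A-Za-z0-9._@+-]*) return 1 ;;
    esac
    case "$1" in
        @* | *@ | *@*@*) return 1 ;;   # missing side or more than one '@'
        *@*) return 0 ;;
    esac
    return 1                            # no '@' at all
}

# read_user: consume exactly the first line of stdin and print it without a
# trailing CR.  The shell's read builtin fetches one byte at a time from a
# pipe, so the dsync stream that follows is left untouched for doveadm.
read_user() {
    IFS= read -r line || return 1
    printf '%s\n' "$line" | tr -d '\r'
}

main() {
    # With a forced command sshd ignores what the peer asked to run, but an
    # unexpected request is worth a log line for whoever reads the auth log.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        logger -t dsync.sh "ignored request: $SSH_ORIGINAL_COMMAND"
    fi
    user=$(read_user) || { echo "dsync.sh: no username on stdin" >&2; exit 2; }
    if ! validate_user "$user"; then
        logger -t dsync.sh "rejected username from ${SSH_CLIENT%% *}"
        echo "dsync.sh: invalid username" >&2
        exit 3
    fi
    # The username is the only per-call parameter the forced command cannot
    # carry, so it is the only thing taken from the peer.
    exec "$DOVEADM" dsync-server -u "$user"
}

# Run main only when executed as dsync.sh, so the functions can be sourced.
case "$0" in
    dsync.sh | */dsync.sh) main ;;
esac
```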
Hi, thanks everybody, this afternoon I will apply the suggestions
and test the solution.
I post the actual configuration that I will test:
The vmail user is present too; I created ssh keys (ssh-keygen) for the vmail user and its home directory, and permitted passwordless ssh with user vmail on the two servers. Then I use the configuration below.
Do I leave the line below commented, or do I need to activate it? Excuse me, but I don't understand clearly because of my terrible English.
#dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}
and apply this on both servers

service doveadm {
  # if you're using a single virtual user, set this to start ssh as vmail
  # (not root)
  #
  user = vmail
}

service config {
  # needed to grant access to /var/run/dovecot/config for service doveadm
  #
  unix_listener config {
    user = vmail
  }
}

Thanks everybody
On 15 March 2012 22:55, Timo Sirainen <tss@iki.fi> wrote:
Hi, I get the same error
Mar 16 13:02:01 Gentoo_cyrus_imap dovecot: dsync-local(matteo@netlite.locale): Error: remote: bash: doveadm: command not found
Mar 16 13:02:01 Gentoo_cyrus_imap dovecot: dsync-local(matteo@netlite.locale): Error: read() from worker server failed: EOF
I've created the vmail user (I have the virtual domain netlite.locale (Postfix) with a MySQL backend; I receive and send mail correctly and use the IMAP protocol), got an ssh connection with a public key, and verified with su - vmail that vmail finds doveadm. I post my dovecot.conf file because I don't know what is wrong.
vmail exists on every server with a public key
(server one => 10.0.0.118
server two => 10.0.0.122)
dovecot.conf ->
#dsync_remote_cmd = ssh -p 22 -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}
service aggregator {
  # give enough permissions for mail processes
  #
  fifo_listener replication-notify-fifo {
    user = vmail
    mode = 0600
  }
  unix_listener replication-notify {
    user = vmail
    mode = 0600
  }
}

service replicator {
  # start replication at startup
  #
  process_min_avail = 1
}

service doveadm {
  # if you're using a single virtual user, set this to start ssh as vmail
  # (not root)
  user = vmail
}

service config {
  # needed to grant access to /var/run/dovecot/config for service doveadm
  unix_listener config {
    user = vmail
  }
}

plugin {
  # this host replicates to remote host
  #
  mail_replica = remote:vmail@10.0.0.122

  # run full synchronization mode every other hour
  # (default is every 24 hours)
  #
  replication_full_sync_interval = 1 hour
}

The same on server 2, changing mail_replica = remote:vmail@10.0.0.118
Thanks
Hi, with these changes the first step is passed:
I uncommented this
#dsync_remote_cmd = ssh -p 22 -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}
I activated it and added the absolute path of doveadm
dsync_remote_cmd = ssh -p 22 -l%{login} %{host} /usr/local/bin/doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}
But now from server 1 I obtain
Error: remote: dsync-remote(matteo@netlite.locale): Error: User has no home directory
Note: if I send a mail from server 2, the mail goes correctly into the local (server 2) virtual home directory.
I note that when I launch the sync manually from server 1, MySQL on server 2 makes the correct SQL query to find the user's home dir.
On server 2
SELECT maildir, 1000 AS uid, 1000 AS gid, '/home/domini-posta/netlite.locale/matteo' as mail FROM mailbox WHERE username = 'matteo@netlite.locale'
the result is:
+------------------------+------+------+------------------------------------------+
| maildir                | uid  | gid  | mail                                     |
+------------------------+------+------+------------------------------------------+
| netlite.locale/matteo/ | 1000 | 1000 | /home/domini-posta/netlite.locale/matteo |
+------------------------+------+------+------------------------------------------+
This configuration is the same for server 1 and 2.
Thanks
On 16 March 2012 13:12, Matteo Cazzador <mcazzador@gmail.com> wrote:
Hi,
Solved!
I added to my SQL
SELECT maildir, 1000 AS uid, 1000 AS gid, '/home/domini-posta/netlite.locale/matteo' as mail, '/home/domini-posta/netlite.locale/matteo' as home FROM mailbox WHERE username = 'matteo@netlite.locale'
Now I've seen the first replication going!!! Thanks everybody
I hope my test helps someone.
Now I proceed to use the replication system.
On 16 March 2012 14:02, Matteo Cazzador <mcazzador@gmail.com> wrote:
Hi --
On 15.03.2012 22:05, Timo Sirainen wrote:
On 15.3.2012, at 22.48, Michael Grimm wrote:
Actually it's a bad idea to use root for ssh from a security point of view. A hacked root account isn't fun. Thus, normally one needs to explicitly change the config of the sshd daemon to allow root logins (at least with FreeBSD what I'm using). Thus, I do recommend to use an unprivileged user like vmail.
Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails.
Root has access to everyone's mail as well.
And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.
All those safety measures can be applied for the vmail user as well. Actually, that's what I did in my case, plus allowing ssh only between both mail servers (firewall rule).
Regards, Michael
Hi, I've a simple question: what do you mean by a Dovecot director setup? I have a doubt. The solution I'm testing uses 3 mail servers in different geographic locations. A user can travel to various locations, and I want his IMAP mail to reside on the mail server in every location. So I use your solution about replication. The first server (by DNS record) that receives a mail syncs it to the other servers, and when the user consults his mail by the IMAP protocol everything is synced on all servers. Do you suggest using a horizontal structure like I explained, or is it better to have a single external mail server node and customer-location servers as slaves? Thanks
On 19 March 2012 09:35, Michael Grimm <trashcan@odo.in-berlin.de> wrote:
On 19.3.2012, at 12.50, Matteo Cazzador wrote:
Hi, I've a simple question: what do you mean by a Dovecot director setup? I have a doubt. The solution I'm testing uses 3 mail servers in different geographic locations. A user can travel to various locations, and I want his IMAP mail to reside on the mail server in every location. So I use your solution about replication. The first server (by DNS record) that receives a mail syncs it to the other servers, and when the user consults his mail by the IMAP protocol everything is synced on all servers. Do you suggest using a horizontal structure like I explained, or is it better to have a single external mail server node and customer-location servers as slaves?
Dovecot director isn't really meant to be used for geographic user distribution. Also the replication doesn't yet support more than two servers.
A master-slave setup wouldn't have the UID conflict problems that multi-master dsync replication has, but the UID conflicts probably won't be a big problem.
Anyway, difficult to give recommendations about an unfinished feature..
On Mon, Mar 19, 2012 at 09:35:34AM +0100, Michael Grimm wrote:
On 15.03.2012 22:05, Timo Sirainen wrote:
On 15.3.2012, at 22.48, Michael Grimm wrote:
Actually it's a bad idea to use root for ssh from a security point of view. A hacked root account isn't fun. Thus, normally one needs to explicitly change the config of the sshd daemon to allow root logins (at least with FreeBSD what I'm using). Thus, I do recommend to use an unprivileged user like vmail.
Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails.
Root has access to everyone's mail as well.
I think you are missing the point, that being: if all your mail are belong to vmail, somebody set up us the bomb if the vmail account is compromised.
(Obviously that's true with a root compromise as well, but that is unavoidable. Effects of a root compromise can be limited with technologies like Apparmor and SELinux, but that is difficult to configure properly and only provides limited benefit: compromised root can do everything real root was allowed to do.)
The point is: vmail has added a SECOND vulnerable point from which disaster can ensue. If mailbox ownership is distributed among multiple UID/GID, compromise of any one of those only endangers the mails to which it had access.
And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails.
All those safety measures can be applied for the vmail user as well. Actually, that's what I did in my case, plus allowing ssh only between both mail servers (firewall rule).
Sure, but there too, all your email eggs are in the vmail basket. No, disaster is not imminent nor even likely to ensue, but the fact stands that you and millions of other virtual-only sites do have this additional potential vulnerability.
It is well supported in Dovecot to be able to use a unique UID and GID for every virtual mailbox, but management of such a system presents more challenges than the single-vmail-user approach. Consequently the popular virtual frontends don't support it.
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: