[Dovecot] Please help me resolve why mail isn't being delivered to virtual users

mouss mlist.only at free.fr
Thu Jan 10 10:32:14 EET 2008


Pascal Volk wrote:
> Am 09.01.2008 21:43 schrieb Asheesh Laroia:
>> Not in the way I was describing:
>>
>> Let's say some person logs on to your Dovecot-based IMAP service and 
>> figures out how to take over Dovecot to read and modify arbitrary files on 
>> the system.  (Timo, I hope this doesn't happen - but bear with me.)  To be 
>> clear, Dovecot's imap handler runs as the UNIX UID associated with the 
>> user logging in, not root.

if there's a bug in dovecot that allows this, then there will also be
bugs that give the whole server to the attacker...

>>
>> In the virtual user setup that the thread starter described, the user 
>> shares his UNIX UID with the other virtual users on the system.  So he has 
>> UNIX permission to read and write other users' mail.
> 
> This will be only the case, if you have a poor™ setup.

poor? come on!

> If the setup is done right, each imap/pop user will have its own UID.
> And therefore each imap/pop process will run with the UID of the user.
> 

using different uids means that the delivery agent needs some privilege
to write to the mailboxes. In general, this is achieved by making the
MDA suid.

and since we are talking about possible bugs, what do you think are the
consequences of potential bugs in the MDA if it is suid?

Note that using different uids with virtual users doesn't bring much. One
needs to make sure there is no uid collision with unix users (which
means you must make sure adduser doesn't create an account with a uid
used by a virtual mailbox). The only thing it brings is that the uid has
no "name" and can't login.

I have found that a single uid/gid has many benefits. For example, the
same uid is used to retrain spamassassin.
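As an added check for the uid-collision point above (example code, not from the thread and not Dovecot's own): this script takes constructed samples of a Dovecot passwd-file user list, an /etc/passwd excerpt and an /etc/login.defs excerpt, and reports every virtual-mailbox UID that a system account already owns or that lies inside the range adduser allocates from, so a later adduser run could hand it to a real login account.

```python
import re

# Constructed sample data (not from the thread): Dovecot passwd-file users, /etc/passwd, /etc/login.defs
VIRTUAL_USERS = """\
alice@example.test:{SHA512-CRYPT}$6$placeholder:100001:5000::/var/vmail/alice::
bob@example.test:{SHA512-CRYPT}$6$placeholder:100002:5000::/var/vmail/bob::
carol@example.test:{SHA512-CRYPT}$6$placeholder:1001:5000::/var/vmail/carol::
"""
SYSTEM_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
pascal:x:1001:1001:Pascal:/home/pascal:/bin/bash
"""
LOGIN_DEFS = """\
# adduser/useradd allocate ordinary account UIDs from this range
UID_MIN 1000
UID_MAX 60000
"""

def parse_colon_file(text):
    """Map user name -> numeric UID; works for passwd and passwd-file lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) > 2 and fields[2].isdigit() and not line.startswith("#"):
            users[fields[0]] = int(fields[2])
    return users

def parse_login_defs(text):
    """Return the (UID_MIN, UID_MAX) range adduser hands out from."""
    found = dict(re.findall(r"^\s*(UID_MIN|UID_MAX)\s+(\d+)", text, re.M))
    return int(found["UID_MIN"]), int(found["UID_MAX"])

def check_virtual_uids(virtual, passwd, login_defs):
    """List (virtual user, uid, problem) for every unsafe virtual UID: one that
    a system account already owns, or one inside adduser's allocation range,
    which a later adduser run could hand to a real login account."""
    owner = {uid: name for name, uid in parse_colon_file(passwd).items()}
    uid_min, uid_max = parse_login_defs(login_defs)
    findings = []
    for vuser, uid in parse_colon_file(virtual).items():
        if uid in owner:
            findings.append((vuser, uid, f"collides with system account {owner[uid]}"))
        if uid_min <= uid <= uid_max:
            findings.append((vuser, uid, f"inside adduser range {uid_min}-{uid_max}"))
    return findings

if __name__ == "__main__":
    for vuser, uid, problem in check_virtual_uids(VIRTUAL_USERS, SYSTEM_PASSWD, LOGIN_DEFS):
        print(f"{vuser} (uid {uid}): {problem}")
```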

