silly question

John Stoffel john at stoffel.org
Tue Jan 25 15:31:02 UTC 2022


>>>>> "Marc" == Marc  <Marc at f1-outsourcing.eu> writes:

>> So just to be clear, each user has a login on your mail server in
>> /etc/passwd?  If so, I would strongly urge you to move to using only
>> virtual users on your mail infrastructure.
>> 

Marc> Why? Just disallow login, and that is from the perspective that
Marc> a mail user should be limited mail resources.

If the user does NOT need to login to the dovecot/mail servers, then
not having these users at all is more secure. 

Marc> I argue exactly the opposite. Keep as much as possible linux
Marc> users. As linux has been engineered for allowing multiple user
Marc> accounts, and most other virtual user providers that are used
Marc> here, have not.

I'm having a hard time parsing what you are saying here.

I'm saying that if the mail/dovecot server is only providing mail
services, then putting all the users (across multiple domains even)
into a virtual user database is more secure and more scalable.

General users don't need accounts on the mail server, and security in
depth argues that keeping them off the server entirely is a good
thing.

John





