Dovecot mail-crypt webmail can't read encrypted messages

Serveria Support support at serveria.com
Tue Oct 11 15:48:40 UTC 2022


> If someone has root they can just read the email storage files, no
> password needed.

We are discussing Dovecot with encrypted mail storage here.

> If someone has root, and dovecot has no code showing passwords in
> logs, the attacker can build THEIR OWN version of dovecot that
> "key-logs" all passwords to a remote server WITHOUT displaying
> passwords in the logs.

Please compare the time needed to: get in, enable debug logging, read 
the log file with: get in, enable debug logging, realize it's not 
working (some will stop here), consider your options, build THEIR OWN 
version of dovecot that "key-logs" all passwords to a remote server 
WITHOUT displaying passwords in the logs?

> This is what people mean when they say if someone has root you have
> bigger problems than dovecot logging.

I generally agree but only if the mail storage is unencrypted. With 
encrypted storage I can think of many scenarios: corrupt law 
enforcement, malicious freelance admin, social engineering tricks etc 
etc etc when attackers will not have enough time/expertise to grab your 
passwords.

On 2022-10-11 18:16, dovecot at ptld.com wrote:
>> Yeah, it's such an obvious vulnerability, I'm kinda surprised most 
>> people here don't see an issue with that.
> 
> 
> What people are trying to explain is the scenario you describe
> requires an attacker to have root privileges on the target server. If
> someone has root access to a server then your fears are moot and the
> suggestion to remove code logging passwords offers zero protection.
> 
> If someone has root they can just read the email storage files, no
> password needed.
> 
> If someone has root, and dovecot has no code showing passwords in
> logs, the attacker can build THEIR OWN version of dovecot that
> "key-logs" all passwords to a remote server WITHOUT displaying
> passwords in the logs.
> 
> This is what people mean when they say if someone has root you have
> bigger problems than dovecot logging.
