Any known issues with installing/running roundcube and dovecot on the same
server?
There is a generic issue with doing this. That is if you have roundcube (or any
other web mail interface) on the same server as dovecot, a breach of the web
interface could be quite serious and allow access to the complete mail store.
A better configuration is to run the web mail interface on an isolated server
and get it to communicate using TLS imap with a remote dovecot service.
For economy, you could do this on the same machine using a small virtual server
to run roundcube
I disagree with this, and that is what user/group/permissions are for.
Roundcube does not have direct file access to the emails even on the same
server. Roundcube opens a connection to dovecot, supplies the user/pass/login
credentials to dovecot, and dovecot fetches the email stores and serves it to
roundcube. There is nothing a hacker can gain access to by exploiting roundcube
that they also couldn't get in the same scenario if roundcube and dovecot were
on two different machines.
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org